url GET https requests --> "walking" thru certificate issues

Sivakatirswami katir at hindu.org
Tue Jan 10 15:59:54 EST 2006


OK, will test, but if I read this correctly, then my app has to  
download-write the cert to each remote-user-machine that needs  
access. This means one is distributing one's certificate "out into  
the wild" x number of copies of the cert are on x number of hard  
drive out there somewhere: does this not represent an enormous  
security hole?



On Jan 10, 2006, at 1:34 AM, David Bovill wrote:

> Sounds to me like you need to download and install a certificate  
> and then use this certificate in Rev - the process you describe is  
> what the browser does to install this certificate - so one way or  
> another you need to get Rev to point to this certificate on the  
> local machine - see the recent post from Dar regarding my question
>
> On 10 Jan 2006, at 08:47, Dave Cragg wrote:
>
>
>>
>> On 10 Jan 2006, at 01:59, Sivakatirswami wrote:
>>
>>
>>>
>>> Does anyone know a way to get libURL to "walk thru" these server  
>>> responses, just like a user would in a browser?
>>>
>>>
>>
>> Did you try this?
>>
>>    libUrlSetSSLVerification false
>>
>> It won't let you "walk thru", but may let you skip them altogether.
>>
>
> I think this won't work for you - as this is just for using htpps  
> without certificates - and you need to install one just as the  
> process of dialogues you describe does for the browser - is this  
> right Dar? Here is the relevant post from Dar which I quote - you  
> would not be using a CAcert certificate, but the right one from  
> your own server - don't ask me yet how to do this - but whoever  
> sets up your server side SSL certificates "may" understand what you  
> are talking about :)
>
>
>> From the following url
>>
>>    https://www.cacert.org/index.php?id=3
>>
>> download the Class 1 (PEM format) Root Certificate. (This will be  
>> a file named "root.crt")
>>
>> Then set the sslCertificates to this file:
>>
>>    set the sslCertificates to "/whatever/root.crt"
>>
>> Then to test, try to connect to ths test url:  https:// 
>> www.cacert.org/
>>
>>    put url "https://www.cacert.org/" into tData
>>    if the result is not empty then
>>      answer the result
>>    else
>>      answer "seem to be working"
>>    end if
>>
>> There should be no need to use libUrlSetSSLVerification. It is  
>> true by default, but if you have previously set it to false, then  
>> you should reset it to true. It certainly won't harm to  
>> specifically set it to true.
>>
>>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your  
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>




More information about the use-livecode mailing list