Determining SSL Authenticity

Luis luis at anachreon.co.uk
Wed Jan 3 05:22:29 EST 2007


Hiya,

You can request a certificate from the server and parse the results. A 
sample of a certificate (current X.509 standard) is here: 
http://en.wikipedia.org/wiki/X.509

Other than that you can probably obtain the appropriate documentation 
from Certificate providers like Verisign and Thawte.

Note that most browsers come with root certificates pre-installed from 
the major vendors (more info here: 
http://en.wikipedia.org/wiki/Root_certificate) and they can be used to 
validate some certificates.

Some companies generate their own certificates: In this instance you'd 
have to make sure a trust is established on which you can then base your 
checking.

Cheers,

Luis.


Derek Bump wrote:
> Andre,
> 
> Thank you so much for your response.  I'm afraid I was a little unclear 
> as to my intentions.  I am implementing altBrowser into one of my 
> projects, and unfortunately, altBrowser does not return whether IE knows 
> if the server is secure.  I'm looking for a way of determining this 
> within Revolution so I can display that on the screen.
> 
> I just looked over the built-in documentation for SSL and couldn't find 
> much other than the encrypt and decrypt functions.  I need a way to 
> determine if the url that altBrowser is looking at is actually secure.
> 
> Any ideas? :)
> 
> 
> Derek Bump
> Dreamscape Software
> www.dreamscapesoftware.com
> 
> Andre Garzia wrote:
>> Derek,
>>
>> if the certificate is not valid, the SSL library will return you an 
>> error. Actually, in some cases, it returns an error even for valid 
>> certificates... I don't know if you can find the certificate 
>> information from inside Rev, if you are using MacOS X then you can use 
>> cURL or some other unixland tool to query the certificate data but I 
>> never tried that.
>>
>> Andre
>> PS: I simply feel like answering emails today... :-)
>>
>> On Jan 3, 2007, at 1:08 AM, Derek Bump wrote:
>>
>>> Does anyone know how to determine SSL authenticity?  For example, if 
>>> I'm connected to "https://www.somedomain.com/securepage.php", other 
>>> than the "s" after http, how can I find out the certificate 
>>> information?
>>>
>>> Or do I just trust the fact that since the "s" is after "http" that 
>>> it's secure?
>>>
>>>
>>> Derek Bump
>>> Dreamscape Software
>>> www.dreamscapesoftware.com
>>> _______________________________________________
>>> use-revolution mailing list
>>> use-revolution at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your 
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
> 
> 
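
The approach in Luis's reply (request the certificate, validate it against the preinstalled roots or against a trust you established yourself, then parse the result), as an added Python example that is not part of the thread. The function names and the sample certificate are constructed for illustration.

```python
import socket
import ssl
import time

def fetch_verified_cert(host, port=443, cafile=None, timeout=10):
    """Connect, verify chain and host name, return the parsed peer certificate.

    cafile=None uses the platform's root store; for a company-issued
    certificate, pass the path to that company's CA certificate instead.
    Raises ssl.SSLCertVerificationError when the certificate cannot be trusted.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + host name check
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def summarize_cert(cert, now=None):
    """Reduce the dict from getpeercert() to the fields worth showing a user."""
    now = time.time() if now is None else now

    def first(name_field, key):
        # Names are tuples of RDNs, each a tuple of (key, value) pairs.
        return next((v for rdn in cert.get(name_field, ())
                     for k, v in rdn if k == key), None)

    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "subject": first("subject", "commonName"),
        "issuer": first("issuer", "organizationName"),
        "dns_names": [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"],
        "in_validity_period": not_before <= now <= not_after,
        "days_left": int((not_after - now) // 86400),
    }

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("countryName", "GB"),), (("organizationName", "Example Test CA"),)),
    "notBefore": "Jan  1 00:00:00 2007 GMT",
    "notAfter": "Jan  1 00:00:00 2008 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jan  3 10:22:29 2007 GMT")
    print(summarize_cert(SAMPLE_CERT, now=now))
```

`fetch_verified_cert` only returns when the chain and host name both verify, so a summary is displayed only for a certificate that is already trusted.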


