Determining SSL Authenticity - Part III

Derek Bump list at dreamscapesoftware.com
Wed Jan 3 11:50:32 EST 2007 

Thank you Andre, Luis and Dave for your incite, references and 
suggestions.  It looks like I'll be spending the next few days parsing 
certificates.  Something did just occur to me after reading a little... 
  (if I'm wrong in my assumptions then please correct me)

   1. Internet Explorer comes preloaded with Certificates.

   2. Runtime Revolution does not come preloaded with Certificates.

On this basis, if I utilize the following command...

   open secure socket to "whatever.com" with message "openedOK"

... Revolution will return back some sort of error because Revolution 
cannot access the Certificates that are pre-installed with Internet 
Explorer, meanwhile IE will validate the certificate and return an "OK" 
result (provided it is OK).

On the other hand, if IE encounters a bad or unknown certificate, then 
some sort of error message will come up anyways.  IE will automatically 
take care of the issue and lead the user where they need to go.

Would I really be in the wrong if I displayed a lock icon anyways, 
considering IE's doing all the work?  Remember, you can view a page's 
certificate information in altBrowser by right-clicking it and choosing 
"Properties" and then clicking "Certificates" (and the properties show's 
the encryption information anyways).



Derek Bump
Dreamscape Software
www.dreamscapesoftware.com

Luis wrote:
> Can't have too much information:
> 
> http://www.ourshop.com/resources/ssl.html
> 
> Cheers,
> 
> Luis.
> 
> 
> Luis wrote:
>> Re-resding your post: I think I've found something closer to your 
>> request.
>>
>> http://articles.techrepublic.com.com/5100-1009-6055958.html
>>
>> http://articles.techrepublic.com.com/5100-6350_11-5287634.html
>>
>> Code signing process:
>> http://www.instantssl.com/code-signing/code-signing-process.html?currency=GBP&region=United+Kingdom&country=GB&entryURL=http%3A//www.instantssl.com/code-signing/&referrerURL=http%3A//www.hackerguardian.com/help/glossary.html 
>>
>>
>> Cheers,
>>
>> Luis.
>>
>>
>> Luis wrote:
>>> Hiya,
>>>
>>> You can request a certificate from the server and parse the results. 
>>> A sample of a certificate (current X.509 standard) is here: 
>>> http://en.wikipedia.org/wiki/X.509
>>>
>>> Other than that you can probably obtain the appropriate documentation 
>>> from Certificate providers like Verisign and Thawte.
>>>
>>> Note that most browsers come with root certificates pre-installed 
>>> from the major vendors (more info here: 
>>> http://en.wikipedia.org/wiki/Root_certificate) and they can be used 
>>> to validate some certificates.
>>>
>>> Some companies generate their own certificates: In this instance 
>>> you'd have to make sure a trust is established on which you can then 
>>> base your checking.
>>>
>>> Cheers,
>>>
>>> Luis.
>>>
>>>
>>> Derek Bump wrote:
>>>> Andre,
>>>>
>>>> Thank you so much for your response.  I'm afraid I was a little 
>>>> unclear as to my intentions.  I am implementing altBrowser into one 
>>>> of my projects, and unfortunately, altBrowser does not return 
>>>> whether IE knows  if the server is secure.  I'm looking for a way of 
>>>> determining this within Revolution so I can display that on the screen.
>>>>
>>>> I just looked over the built-in documentation for SSL and couldn't 
>>>> find much other than the encrypt and decrypt functions.  I need a 
>>>> way to determine if the url that altBrowser is looking at is 
>>>> actually secure.
>>>>
>>>> Any ideas? :)
>>>>
>>>>
>>>> Derek Bump
>>>> Dreamscape Software
>>>> www.dreamscapesoftware.com
>>>>
>>>> Andre Garzia wrote:
>>>>> Derek,
>>>>>
>>>>> if the certificate is not valid, the SSL library will return you an 
>>>>> error. Actually, in some cases, it returns an error even for valid 
>>>>> certificates... I don't know if you can find the certificate 
>>>>> information from inside Rev, if you are using MacOS X then you can 
>>>>> use cURL or some other unixland tool to query the certificate data 
>>>>> but I never tried that.
>>>>>
>>>>> Andre
>>>>> PS: I simply feel like answering emails today... :-)
>>>>>
>>>>> On Jan 3, 2007, at 1:08 AM, Derek Bump wrote:
>>>>>
>>>>>> Does anyone know how to determine SSL authenticity.  For example, 
>>>>>> if I'm connected to "https://www.somedomain.com/securepage.php", 
>>>>>> other than the  "s" after http, how can I find out the certificate 
>>>>>> information?
>>>>>>
>>>>>> Or do I just trust the fact that since the "s" is after "http" 
>>>>>> that it's secure?
>>>>>>
>>>>>>
>>>>>> Derek Bump
>>>>>> Dreamscape Software
>>>>>> www.dreamscapesoftware.com
>>>>>> _______________________________________________
>>>>>> use-revolution mailing list
>>>>>> use-revolution at lists.runrev.com
>>>>>> Please visit this url to subscribe, unsubscribe and manage your 
>>>>>> subscription preferences:
>>>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>>>
>>>>> _______________________________________________
>>>>> use-revolution mailing list
>>>>> use-revolution at lists.runrev.com
>>>>> Please visit this url to subscribe, unsubscribe and manage your 
>>>>> subscription preferences:
>>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> use-revolution mailing list
>>>> use-revolution at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your 
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>>
>>>>
>>> _______________________________________________
>>> use-revolution mailing list
>>> use-revolution at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your 
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>
>>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your 
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
> 
> 
>

More information about the use-livecode mailing list