Yep, it should probably have the same logic as a web browser; if the cert is valid (signed, contains the correct domain, hasn't expired, etc.), no need to prompt. If it is not signed by a known CA, warn the user. You should also cache these latter certs locally - otherwise, you have no verification against man-in-the-middle attacks.
-David Waite

Robert Temple wrote:
> Should clients that support SSL connections to a jabber server check
> to make sure that the server's certificate is valid? i.e. check if the
> names match, the root is trusted, it's not expired, etc. If they
> should then I plan to tell the user that there is an issue with the
> certificate like Internet Explorer does, and ask them if they want to
> remain connected.
>
> Thanks,
> Robert

_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
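
The decision logic discussed in this thread, as an added example that is not part of the original messages or of any Jabber client's code: a valid certificate is accepted silently, an unverifiable one prompts the user once, and a locally cached fingerprint lets the client notice when that certificate later changes. The `CertCache` class, the `Decision` names, the JSON file layout and the `chain_valid` input (the TLS library's own verification result) are assumptions made for illustration.

```python
import hashlib, hmac, json, os
from enum import Enum

class Decision(Enum):
    ACCEPT = "accept"  # connect without prompting
    PROMPT = "prompt"  # unverifiable cert seen for the first time: warn the user
    ALERT = "alert"    # differs from the cached cert: possible man in the middle

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as hex."""
    return hashlib.sha256(der_cert).hexdigest()

class CertCache:
    """Hypothetical on-disk cache of certificates the user chose to accept."""
    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    @staticmethod
    def _key(host, port):
        return f"{host.lower()}:{port}"

    def lookup(self, host, port):
        return self.pins.get(self._key(host, port))

    def remember(self, host, port, der_cert):
        """Call only after the user has answered the prompt with 'stay connected'."""
        self.pins[self._key(host, port)] = fingerprint(der_cert)
        with open(self.path, "w") as f:
            json.dump(self.pins, f)

def evaluate(cache, host, port, der_cert, chain_valid):
    """chain_valid is the TLS library's verdict: trusted CA, name match, not expired."""
    if chain_valid:
        return Decision.ACCEPT
    pinned = cache.lookup(host, port)
    if pinned is None:
        return Decision.PROMPT
    if hmac.compare_digest(pinned, fingerprint(der_cert)):
        return Decision.ACCEPT
    return Decision.ALERT
```
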
