"Ladner, Eric (Eric.Ladner)" <[EMAIL PROTECTED]> writes:
> Oops.. I finally found this info in the mailing list.
>
> I still have a question though..
>
> What mechanism is it that will allow an encrypted communication (a
> connection to the https side of the web server) without popping up
> the View/Accept/Whatever dialog for the certificate?
>
> Is there a validation done between on the client to the issuer of
> the certificat and it's just accepted if the certificate is validated?
> (i.e. the cert is validated with verisign, or whoever, and is just
> accepted if everything checks out ok).
Believe it or not, this is how things are SUPPOSED to work.
If the certificate is a valid certificate (descends from
a trusted root, not on a CRL, etc.) and has the correct
name then you get connected without any dialog (or maybe
a "you are about to enter a secure connection" dialog).
It's only if something is wrong that you get a pop-up.
It's a sad testament to how often things are wrong that
people consider the pop-up the normal state of affairs.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
