The spec does not mandate the hub should support HTTPS. It only advises against using secret without HTTPS because it is insecure. To write a robust subscriber you should try HTTPS with secret, falling back to HTTP without secret if HTTPS does not work.
Cheers, - alkis Google Switzerland GmbH Brandschenkestrasse 110, Zurich, Switzerland 8002 Zurich On Sun, May 26, 2013 at 10:15 PM, Kireet <[email protected]> wrote: > I was going over the protocol spec and had a question about one thing. The > spec says that the hub.secret should only be set on hub subscription > requests that are sent over SSL. However in the RSS feed the hub link may > look something like "http://pubsubhubbub.appspot.com"; or " > http://9to5mac.com/?pushpress=hub";. The latter will cause with a > mismatched certificate error if I change the protocol to https. Is the > subscriber to assume that https is supported by the hub and rewrite the > protocol (perhaps falling back to http) or is there some other indicator of > SSL support? > > Thanks > Kireet > > -- > > --- > You received this message because you are subscribed to the Google Groups > "Pubsubhubbub" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "Pubsubhubbub" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
