Hi!
In src/mgr/curlhttpt.cpp:
/* Disable checking host certificate */
curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, false);
Why? Afaik this allows the use of self-signed certificates for MiTM.
Best regards,
J
___
sword-devel mailing
I'll look into it.
> On Sep 18, 2016, at 11:20 AM, Jaak Ristioja wrote:
>
> Hi!
>
> In src/mgr/curlhttpt.cpp:
>
>/* Disable checking host certificate */
>curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, false);
>
> Why? Afaik this allows the use of self-signed
We are now using a good cert for the CrossWire server, but I don’t know if all
SSL services use it yet. I’d be interested if a client has that changed from
false to true would properly work. It shouldn’t allow a self signed cert, which
is what we used to do.
If it doesn’t work, then I’d have
https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
Is curlhttpt.c used for HTTPS? I don't have the source in front of me, but
that name suggests it is only for the raw HTTP connection.
--Greg
On Sep 18, 2016 12:05 PM, "DM Smith" wrote:
> I'll look into it.
>
>
>
Looking at the source it looks more like its used for FTP instead :)
https://github.com/bibletime/crosswire-sword-mirror/blob/trunk/src/mgr/curlhttpt.cpp
J
On 18.09.2016 20:55, Greg Hellings wrote:
> https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
>
> Is curlhttpt.c used for HTTPS?