We are now using a good cert for the CrossWire server, but I don’t know if all SSL services use it yet. I’d be interested if a client has that changed from false to true would properly work. It shouldn’t allow a self signed cert, which is what we used to do.
If it doesn’t work, then I’d have to configure SFTP to use it. I think that we should move toward SSL by default, e.g. redirect HTTP to HTTPS, FTP to SFTP, …. DM Smith > On Sep 18, 2016, at 2:02 PM, Jaak Ristioja <j...@ristioja.ee> wrote: > > Looking at the source it looks more like its used for FTP instead :) > > https://github.com/bibletime/crosswire-sword-mirror/blob/trunk/src/mgr/curlhttpt.cpp > > J > > On 18.09.2016 20:55, Greg Hellings wrote: >> https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html >> >> Is curlhttpt.c used for HTTPS? I don't have the source in front of me, >> but that name suggests it is only for the raw HTTP connection. >> >> --Greg >> >> >> On Sep 18, 2016 12:05 PM, "DM Smith" <dmsm...@crosswire.org >> <mailto:dmsm...@crosswire.org>> wrote: >> >> I'll look into it. >> >> >> On Sep 18, 2016, at 11:20 AM, Jaak Ristioja <j...@ristioja.ee >> <mailto:j...@ristioja.ee>> wrote: >> >>> Hi! >>> >>> In src/mgr/curlhttpt.cpp: >>> >>> /* Disable checking host certificate */ >>> curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, false); >>> >>> Why? Afaik this allows the use of self-signed certificates for MiTM. >>> >>> Best regards, >>> J >>> >>> _______________________________________________ >>> sword-devel mailing list: sword-devel@crosswire.org >>> <mailto:sword-devel@crosswire.org> >>> http://www.crosswire.org/mailman/listinfo/sword-devel >>> <http://www.crosswire.org/mailman/listinfo/sword-devel> >>> Instructions to unsubscribe/change your settings at above page >> >> _______________________________________________ >> sword-devel mailing list: sword-devel@crosswire.org >> <mailto:sword-devel@crosswire.org> >> http://www.crosswire.org/mailman/listinfo/sword-devel >> <http://www.crosswire.org/mailman/listinfo/sword-devel> >> Instructions to unsubscribe/change your settings at above page >> >> >> >> _______________________________________________ >> sword-devel mailing list: sword-devel@crosswire.org >> http://www.crosswire.org/mailman/listinfo/sword-devel >> Instructions to unsubscribe/change your settings at above page >> > > > _______________________________________________ > sword-devel mailing list: sword-devel@crosswire.org > http://www.crosswire.org/mailman/listinfo/sword-devel > Instructions to unsubscribe/change your settings at above page _______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page
