Terry, There are two different things happening here. One is SSL encryption which protects the communication between your machine and the remote machine, the other is user authentication that protects the other machine from unauthorized access.
For LiveCode to trust/accept an SSL certificate as verified, it must be issued by some certificate authority (CA) that is known. Most operating systems come with a list of known CA or something similar, sorry for my lack of proper terminology but I can't recall the name of that file. If you try establish a connection to a secure server and the certificate provided by that server is not from a known CA due to one of the possible facts: * that the CA file is outdated or not found * the remote guys used some CA that is not common and not on most CA files * the remote guys are using a self-signed certificate meaning they are acting like their own authority. This will trigger an error on the SSL library, not an untrusted connection or encryption error but a CA verification error. The connection still works and is secure but the certificate can't be verified. Basically it is an error of the type "we don't know who issued this damn thing so we're screaming". You're still protected in terms of a technical standpoint. Checking out the error spilled by libURL might help you understand what is actually happening such as "is it self-signed", "is it expired"... but the SSL connection will still hold. When you use set libURLSetVerification to False you're just bypassing this verification step and jumping to the actual business of "hey machine, just encrypt this damn connection will you!". The authentication side happens on another layer. After the secure connection is stablished and that is TCP/IP juggling bytes like those street magicians, you will face the HTTP Authentication layer which is like that really big bouncer at the front door of that club you want to enter. If you passed the magician with the really entangled bytes, then, you need to present your credentials to the bouncer or you will not be allowed in. Different things on the same street but you need to pass from one to the other to arrive at your desired destination. Hope this helps andre "Question the Certificate Authority!!!" garzia _______________________________________________ use-revolution mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
