On Sep 13, 2004, at 1:12 PM, [EMAIL PROTECTED]
wrote:
From: Dave Cragg <[EMAIL PROTECTED]>
Subject: Re: Https
To: How to use Revolution <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=US-ASCII; format=flowed
On 9 Sep 2004, at 17:12, Frank Leahy wrote:
Interesting. Anyone know if getting this error will preclude data
being returned from the https connection? For example, I can imagine
having a web server where I didn't bother getting a Verisign (or
other) certificate, but I still wanted to get and put data over an
https connection.
-- Frank
Yes. Right now it will prevent you doing this if you go via libUrl.
libUrl uses "open secure socket ... with verification", which requires
a certificate.
However, it shouldn't be too hard to add something to libUrl which
allows you to use "without verification". perhaps a "switch command"
such as libUrlSetSSLVerification <true|false> with the default being
true.
Of course, anyone using this would have to be careful. I could imagine
a faulty implementation like this:
verification fails
application asks user if he/she wants to continue without
verification
application switches off verification and completes request
application *forgets* to switch it back on again
all future https requests are unverified
end of civilisation
Dave,
Thanks, great idea.
What about the switch being on a per request basis, i.e. not a global?
Do envision adding this feature to libURL in the near future?
-- Frank
_______________________________________________
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution
