On Tue, Oct 25, 2016 at 11:10 AM, Bob Sneidar <bobsnei...@iotecdigital.com> wrote:
> True, but isn't the issue that a malformed cert including self signed > certs are rejected? A self signed cert is not insecure, it's just less > secure than a root signed cert, and only because a background check has > been done against the cert owner. Otherwise a self signed cert is just as > valid if you know you can trust it, as when connecting to you domain > controller or copier for the first time on a LAN. After that, the cert > theoretically cannot be spoofed. > I’m working on a libURL addition that will allow you to specify hosts that should bypass SSL verification without turning it off completely. That way you let the user know a certificate wasn’t verified but allow them to override it. Here are the changes I’ve made on one of my branches: https://github.com/trevordevore/livecode/commit/6a5bc42abebca23e6b8aa611c8f0966b221441c6 I still have to put together a test and file an enhancement request for it before I can submit it though. -- Trevor DeVore ScreenSteps www.screensteps.com - www.clarify-it.com _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
