> On 26 Oct. 2016, at 3:25 am, Trevor DeVore <li...@mangomultimedia.com> wrote: > > I’m working on a libURL addition that will allow you to specify hosts that > should bypass SSL verification without turning it off completely. That way > you let the user know a certificate wasn’t verified but allow them to > override it. Here are the changes I’ve made on one of my branches: > > https://github.com/trevordevore/livecode/commit/6a5bc42abebca23e6b8aa611c8f0966b221441c6 > > <https://github.com/trevordevore/livecode/commit/6a5bc42abebca23e6b8aa611c8f0966b221441c6> > > I still have to put together a test and file an enhancement request for it > before I can submit it though.
That is excellent! I really wish we could kill the global libURLSetSSLVerification with fire! One thing I might as well say now as I’ll say it in review anyway is it would be better to set individual hosts rather than the entire list in one hit to reduce the risk of different user code clobbering each other. It will also be simpler to use: - get url - verification failure - ask user if they want to trust the host anyway - turn off verification for that host Cheers Monte _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
