Re: interactive ssl cert handling

From: Dan Winship <danw gnome org>
To: Clint Adams <schizo debian org>, libsoup-list gnome org, dkg fifthhorseman net
Subject: Re: interactive ssl cert handling
Date: Mon, 29 Mar 2010 10:29:16 -0400

On 03/28/2010 07:21 PM, Clint Adams wrote:
> Could someone advise on the best way to implement a callback
> (in soup_ssl_get_client_credentials?) so that a libsoup-using
> application can do interactive SSL certificate validation?

You can't. You can either accept all certificates or automatically
reject all bad ones. As of 2.30, there's an API for being able to accept
bad ones but provide a UI hint (SOUP_SESSION_SSL_STRICT /
SOUP_MESSAGE_CERTIFICATE_TRUSTED), but there's not yet a way to pop up
confusing dialogs that the user doesn't understand. This will eventually
be added, when TLS support for GSocket is finished and libsoup is ported
to that; hopefully for 2.32/3.0

-- Dan

Follow-Ups:
- Re: interactive ssl cert handling
  - From: Daniel Kahn Gillmor

References:
- interactive ssl cert handling
  - From: Clint Adams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]