On 03/29/2010 10:29 AM, Dan Winship wrote: > You can't. You can either accept all certificates or automatically > reject all bad ones. As of 2.30, there's an API for being able to accept > bad ones but provide a UI hint (SOUP_SESSION_SSL_STRICT / > SOUP_MESSAGE_CERTIFICATE_TRUSTED), but there's not yet a way to pop up > confusing dialogs that the user doesn't understand. This will eventually > be added, when TLS support for GSocket is finished and libsoup is ported > to that; hopefully for 2.32/3.0 In the event that the implementor chooses to "reject all bad" certificates, how does libsoup know which certificates are bad? Does it use a known set of CAs? Or is there a callback for the certificate verification itself? (sorry i don't know more about the infrastructure already; pointers to the relevant docs would be great). Regards, --dkg
Attachment:
signature.asc
Description: OpenPGP digital signature