[SailfishDevel] Ignoring auto signed SSL certificates
Tigre-Bleu
devel at tigre-bleu.net
Sat Nov 9 17:56:06 UTC 2013
Hi Gianni
I agree that accepting the auto-signed certificate without prompt would be a potential security breach.
However, I think there should be a dialog automatically opened by the OS asking the user what to do (or at least delegate the dialog implementation to the app itself).
I am developping a sailfish app that is connected to an owncloud instance. Most of the time, the average geek (including me :) ) is using auto-signed ssl certificate. I don't want to force the user to use http where https could be used.
I don't know C++ so I'm not really ready to play with QNetwork. Maybe I'll find something on the internet...
Regards,
Antoine
--
Tigre-Bleu
mail/jabber: antoine.vacher at tigre-bleu.net
----- Mail original -----
De: "Gianni Vialetto" <gianni at rootcube.net>
À: "Sailfish OS Developers" <devel at lists.sailfishos.org>
Envoyé: Samedi 9 Novembre 2013 12:25:54
Objet: Re: [SailfishDevel] Ignoring auto signed SSL certificates
On Fri, Nov 8, 2013 at 7:26 PM, Tigre-Bleu < devel at tigre-bleu.net > wrote:
Hello,
The open() function of XMLHttpRequest seems to not work with auto signed ssl certificates. I have checked with valid certificates and there is no problem.
Is this the expected behavior? If so how am I supposed to fetch some data from an auto signed https page using QML?
Thanks,
Antoine
Hi Antoine,
I cannot confirm it without diving into the implementation, but i believe the behavior of XHR you are seeing is reasonable from a security point of view - the alternative could be to prompt the user for confirmation.
As an alternative you could construct the connection with QNetwork classes from the C++ side (the QSslConfiguration class should have a method to add a new CA to the list of those accepted).
Regards,
--
Gianni Vialetto
_______________________________________________
SailfishOS.org Devel mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sailfishos.org/pipermail/devel/attachments/20131109/11e96b51/attachment.html>
More information about the Devel
mailing list