[SailfishDevel] Ignoring auto signed SSL certificates

khertan at khertan.net khertan at khertan.net
Sat Nov 9 18:51:45 UTC 2013 

Hi,

I m just curious, which type of apps connected to ownCloud are you cooking ?

I didn't have such problem with ownNotes and self signed certificate, but the https requests are made with python, so that's will not help you.

Regards

--
Benoît HERVIER - http://khertan.netLe 09/11/13 18:56 Tigre-Bleu a écrit :
Hi Gianni



I agree that accepting the auto-signed certificate without prompt would be a potential security breach. 


However, I think there should be a dialog automatically opened by the OS asking the user what to do (or at least delegate the dialog implementation to the app itself).



I am developping a sailfish app that is connected to an owncloud instance. Most of the time, the average geek (including me :) ) is using auto-signed ssl certificate. I don't want to force the  user to use http where https could be used.



I don't know C++ so I'm not really ready to play with QNetwork. Maybe I'll find something on the internet...



Regards,



Antoine



--
Tigre-Bleu
mail/jabber: antoine.vacher at tigre-bleu.net




De: "Gianni Vialetto" <gianni at rootcube.net>
À: "Sailfish OS Developers" <devel at lists.sailfishos.org>
Envoyé: Samedi 9 Novembre 2013 12:25:54
Objet: Re: [SailfishDevel] Ignoring auto signed SSL certificates



On Fri, Nov 8, 2013 at 7:26 PM, Tigre-Bleu <devel at tigre-bleu.net>wrote:
Hello,

The open() function of XMLHttpRequest seems to not work with auto signed ssl certificates. I have checked with valid certificates and there is no problem.

Is this the expected behavior? If so how am I supposed to fetch some data from an auto signed https page using QML?

Thanks,

Antoine



Hi Antoine,



I cannot confirm it without diving into the implementation, but i believe the behavior of XHR you are seeing is reasonable from a security point of view - the alternative could be to prompt the user for confirmation. 
As an alternative you could construct the connection with QNetwork classes from the C++ side (the QSslConfiguration class should have a method to add a new CA to the list of those accepted).


Regards,-- 
Gianni Vialetto


_______________________________________________
SailfishOS.org Devel mailing list

More information about the Devel mailing list