> * Allow certificate validation. This is a bit tricky; typically
> certs are validated against some database of root certificates, so you
> need a whole infrastructure to maintain that database. Currently, we
> don't have one, so no certs can be validated. We could add a switch
> to allow auto-validation of self-signed certs pretty easily. I could
> add a parameter to the SSLObject constructor which would be a filepath
> for a file full of root certs (see SSL_CTX_load_verify_locations(3ssl)).

The simplest way to do verification is to allow the application to
provide a set of root certs that it would like to verify against, and
use the built-in OpenSSL verification procedure.

The OpenSSL CAcerts file format is just a number of certificates
concatenated together, separated by text headers that identify the
boundary:

    -----BEGIN CERTIFICATE-----
    ... (CA certificate in base64 encoding) ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ... (another CA certificate in base64 encoding) ...
    -----END CERTIFICATE-----
    ...

I suggest we just use that. Applications which want something fancier
are free to implement something :-).

Bill
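
An added example, not part of the original message or of the Python ssl code: a Python check that splits a CAcerts-style file on the boundary lines described above and rejects malformed blocks before the file is handed to OpenSSL. The names split_ca_bundle and pem_wrap and the sample data are constructed for illustration; the sample blocks are placeholder DER, not real certificates.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def split_ca_bundle(text):
    """Return a list of DER blobs, one per PEM block in a CAcerts-style file.

    Text outside the boundary lines is skipped; a block that is nested,
    unclosed, empty or not valid base64 raises ValueError with its line number.
    """
    ders, body, start = [], None, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == BEGIN:
            if body is not None:
                raise ValueError(f"line {lineno}: BEGIN inside block opened at line {start}")
            body, start = [], lineno
        elif line == END:
            if body is None:
                raise ValueError(f"line {lineno}: END without BEGIN")
            try:
                der = base64.b64decode("".join(body), validate=True)
            except binascii.Error as exc:
                raise ValueError(f"block at line {start}: bad base64 ({exc})") from None
            # A DER-encoded certificate is an ASN.1 SEQUENCE: first byte 0x30.
            if not der or der[0] != 0x30:
                raise ValueError(f"block at line {start}: not a DER SEQUENCE")
            ders.append(der)
            body = None
        elif body is not None:
            body.append(line)
    if body is not None:
        raise ValueError(f"block opened at line {start} has no END line")
    return ders

def pem_wrap(der):
    # Constructed helper: wrap bytes in the boundary lines, 64 chars per line.
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"

# Constructed sample: two placeholder DER SEQUENCEs, not real certificates.
SAMPLE_DERS = [b"\x30\x03\x02\x01\x01", b"\x30\x03\x02\x01\x02"]
SAMPLE_BUNDLE = ("Example Root A\n" + pem_wrap(SAMPLE_DERS[0])
                 + "Example Root B\n" + pem_wrap(SAMPLE_DERS[1]))

if __name__ == "__main__":
    print(len(split_ca_bundle(SAMPLE_BUNDLE)), "blocks parsed")
```
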