Le 31/08/2014 19:03, Paul Moore a écrit : > On 31 August 2014 17:27, Christian Heimes <christian at python.org> wrote: >> It's very simple to trust a self-signed certificate: just download it >> and stuff it into the trust store. > > "Stuff it into the trust store" is the hard bit, though. I have > honestly no idea how to do that. You certainly shouldn't do so. If an application has special needs that require trusting a self-signed certificate, then it should expose a configuration setting to let users specify the cert's location. Stuffing self-signed certs into the system trust store is really a measure of last resort. There's another case which isn't solved by this, though, which is when a cert is invalid. The common situation being that it has expired (renewing certs is a PITA and therefore expired certs are more common than it sounds they should be). In this case, there is no way to whitelist it: you have to disable certificate checking altogether. This can be exposed by the application as configuration option if necessary, as well. Regards Antoine.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4