On 25/07/13 13:18, Nicholas Wilson wrote: > On 24 July 2013 17:22, Gervase Markham <[email protected]> wrote: >> Have you considered giving the managed servers certs minted from a local >> company CA, and trusting that root cert in the copies of Firefox? Or >> does that not work either? > > Gervase, > > Thanks for that idea. We did try thinking through all the > possibilities here, but none of them is especially attractive.
Thanks for the rundown. I hope I haven't derailed your thread, in that I'm not the guy who can approve your patch - I was just trying to help with your problem. But I agree that either: a) a patch to allow the user to approve mixed content WebSockets in the same way as XHR; or b) a patch to allow the JS to pass a "cert to trust" when it makes an HTTPS WebSocket connection would be an OK thing. Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
