Kate X wrote: > Hi, Now I am kind of stuck at this: > We are building application using xpcom components. I am trying to add SSL > support for our client, and I am using nsIHttpChannel interface to request a > HTTP/HTTPS page. For HTTP works fine, when trying to open HTTPS page, first > it will initializeNSS, then try to create secure socket to do transfer, but > in handshake stage, certificate didn't get authorized, so it comes to get > the badCertHandler, which I don't know how to add my own handler from the > very top level(HttpChannel), then it goes to the default dialog UI ask for > confirmUnknownIssuer(which I don't want to, this would add too much to our > project). > Would anybody give me a hint of how to add my custom badCertHandler, or > anyother solution for this problem?
Using a bad cert handler in that case is almost certainly the wrong thing to do. Defeating the cert chain validation will render your application completely vulnerable to various attacks, the very ones from which SSL (HTTPS) is intended to protect you. Why not use a valid cert from a known issuer? -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
