Hi Gianni I agree that accepting the auto-signed certificate without prompt would be a potential security breach.
However, I think there should be a dialog automatically opened by the OS asking the user what to do (or at least delegate the dialog implementation to the app itself). I am developping a sailfish app that is connected to an owncloud instance. Most of the time, the average geek (including me :) ) is using auto-signed ssl certificate. I don't want to force the user to use http where https could be used. I don't know C++ so I'm not really ready to play with QNetwork. Maybe I'll find something on the internet... Regards, Antoine -- Tigre-Bleu mail/jabber: antoine.vac...@tigre-bleu.net ----- Mail original ----- De: "Gianni Vialetto" <gia...@rootcube.net> À: "Sailfish OS Developers" <devel@lists.sailfishos.org> Envoyé: Samedi 9 Novembre 2013 12:25:54 Objet: Re: [SailfishDevel] Ignoring auto signed SSL certificates On Fri, Nov 8, 2013 at 7:26 PM, Tigre-Bleu < de...@tigre-bleu.net > wrote: Hello, The open() function of XMLHttpRequest seems to not work with auto signed ssl certificates. I have checked with valid certificates and there is no problem. Is this the expected behavior? If so how am I supposed to fetch some data from an auto signed https page using QML? Thanks, Antoine Hi Antoine, I cannot confirm it without diving into the implementation, but i believe the behavior of XHR you are seeing is reasonable from a security point of view - the alternative could be to prompt the user for confirmation. As an alternative you could construct the connection with QNetwork classes from the C++ side (the QSslConfiguration class should have a method to add a new CA to the list of those accepted). Regards, -- Gianni Vialetto _______________________________________________ SailfishOS.org Devel mailing list
_______________________________________________ SailfishOS.org Devel mailing list
