#
4849ab6c |
|
09-Nov-2015 |
Adrien Destugues <pulkomandy@pulkomandy.tk> |
BHttpRequest: add SSL certificate exception management. When an HTTPS request uses an SSL certificate that OpenSSL considers untrusted, and the user decides to continue anyway, add the certificate to an exception list. Match certificates against this list and don't ask the user again if they are already there. Fixes #12004. Thanks to markh for the initial patch and peeking into the WebKit code!
|
#
6c32f50a |
|
08-Nov-2015 |
Adrien Destugues <pulkomandy@pulkomandy.tk> |
BCertificate: fixup the API * Add an operator== and a copy constructor * Make the getters const so they are easier to use
|
#
c86ad7f9 |
|
04-Nov-2014 |
Adrien Destugues <pulkomandy@gmail.com> |
Add more features in BCertificate class * Make it possible to extract more useful data from the certificate * Also get the OpenSSL error message when a certificate can't be validated. Send it to the verification failure callback so it can be shown to the user.
|
#
dad49763 |
|
22-Feb-2014 |
Julian Harnath <julian.harnath@rwth-aachen.de> |
Disallow copy-construction of BCertificate. * Prevents accidential creation of multiple instances with ownership of same fPrivate.
|
#
67af469e |
|
16-Jan-2014 |
Adrien Destugues <pulkomandy@pulkomandy.tk> |
Fix time_t/bigtime_t mixup. Thanks stippi for noticing!
|
#
5ebdc799 |
|
15-Jan-2014 |
Adrien Destugues <pulkomandy@pulkomandy.tk> |
SecureSocket: add some certificate support * Instead of creating an OpenSSL context ofor each socket, use a global one and initialize it lazily when the first SecureSocket is created * Load the certificates from our certificate list so SSL certificates sent by servers can be validated. * Add a callback for signalling that certificate validation failed, the default implementation proceeds with the connection anyway (to keep the old behavior). * Introduce BCertificate class, that provides some information about a certificate. Currently it's only used by the callback mentionned above, but it will be possible to get the leaf certificate for the connection after it's established. Review of the API and implementation is welcome, before I start making use of this in HttpRequest and WebKit to allow the user to accept new certificates.
|
#
c86ad7f93b8836113d6e40aa7972614ddbaf7e16 |
|
04-Nov-2014 |
Adrien Destugues <pulkomandy@gmail.com> |
Add more features in BCertificate class * Make it possible to extract more useful data from the certificate * Also get the OpenSSL error message when a certificate can't be validated. Send it to the verification failure callback so it can be shown to the user.
|
#
dad49763d8c3e52c572b1aa15a3c3c7280e7179a |
|
22-Feb-2014 |
Julian Harnath <julian.harnath@rwth-aachen.de> |
Disallow copy-construction of BCertificate. * Prevents accidential creation of multiple instances with ownership of same fPrivate.
|
#
67af469ef049e6a66a9a8512c8a7479f6b66712a |
|
16-Jan-2014 |
Adrien Destugues <pulkomandy@pulkomandy.tk> |
Fix time_t/bigtime_t mixup. Thanks stippi for noticing!
|
#
5ebdc79955caf4781dfffd14b57849ce40df2117 |
|
15-Jan-2014 |
Adrien Destugues <pulkomandy@pulkomandy.tk> |
SecureSocket: add some certificate support * Instead of creating an OpenSSL context ofor each socket, use a global one and initialize it lazily when the first SecureSocket is created * Load the certificates from our certificate list so SSL certificates sent by servers can be validated. * Add a callback for signalling that certificate validation failed, the default implementation proceeds with the connection anyway (to keep the old behavior). * Introduce BCertificate class, that provides some information about a certificate. Currently it's only used by the callback mentionned above, but it will be possible to get the leaf certificate for the connection after it's established. Review of the API and implementation is welcome, before I start making use of this in HttpRequest and WebKit to allow the user to accept new certificates.
|