[Ur] Using Persona Authentication API
Sergey Mironov
grrwlf at gmail.com
Wed Dec 11 05:26:47 EST 2013
Thanks! I've reinstalled curl with
--with-ca-bundle=/path/to/bundle.crt enabled and now persona works
with
curl_easy_setopt(c, CURLOPT_SSL_VERIFYPEER, 1);
Regards,
Sergey
2013/12/11 Chris Double <chris.double at double.co.nz>:
> On Wed, Dec 11, 2013 at 8:14 AM, Sergey Mironov <grrwlf at gmail.com> wrote:
>> It is possible to workaround it by changing CURLOPT_SSL_VERIFYPEER to
>> 0. This probably means that I don't have some important certificates
>> installed (I'm not an SSL expert, so I may be wrong). Can anybody
>> advise me what to check first?
>
> The verify peer check is from a reccomendation in the Persona
> 'Security Considerations' document:
>
> <https://developer.mozilla.org/en/Persona/Security_Considerations>
> "You must ensure that your HTTPS request verifies the certificate
> sent from the server against a trusted root certificate. If you don't,
> then an attacker could pose as verifier.login.persona.org and issue
> false verifications."
>
> If you are on Linux you can update the certificate store that cURL
> uses by following this:
>
> <http://www.mylinuxguide.com/ssl-root-certificate-update-in-linux-for-curl/>
>
> Chris.
> --
> http://www.bluishcoder.co.nz
>
> _______________________________________________
> Ur mailing list
> Ur at impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
More information about the Ur
mailing list