[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Octave-bug-tracker] [bug #46882] urlread: allowing https without certif
|
From: |
Oliver Heimlich |
|
Subject: |
[Octave-bug-tracker] [bug #46882] urlread: allowing https without certificate validation |
|
Date: |
Thu, 14 Jan 2016 07:09:32 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.5.0 |
Follow-up Comment #1, bug #46882 (project octave):
It is dangerous to ignore invalid certificates by default. Also it is likely
to see more valid certificates in the future given that (1) more and more
browsers refuse to show sites with invalid certificates and (2) it gets easier
to install valid certificates (Let's Encrypt).
In general you would switch to unencrypted HTTP on any site with invalid
certificates, because HTTPS would be pretty useless in these cases anyway.
(Well, you could argue that you have at least some encryption which helps
against non-intercepting(!) third-parties.)
However, it would be useful to have an option to ignore invalid certificates
for sites that could otherwise not be accessed, e. g., if plain HTTP was not
available and you don't want to set up an exception for that certificate.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?46882>
_______________________________________________
Nachricht gesendet von/durch Savannah
http://savannah.gnu.org/