[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is HTTPS working? Server cert signed by GoDaddy, but they arenot listed as a CA in my certificate store....



Hi Charles,

I think your SSL validation setting is not set to strict;

Copies from a previous message in the list:

>>>>>>>>>>
saturday 22 december 2007 4:11
New BETA3 and Certificate Validation

Hi Folks,

I've added a new beta version of HTTPAPI to the following site:
http://www.scottklement.com/httpapi/beta/

This version has both the XML Callback Switching support from Thomas
Raddatz and the new certificate validation stuff that we've been talking
about here on the list.

The certificate validation support consists of a new API, and two new
exit points:

       http_strict() to enable/disable strict checking of a cert.

       HTTP_POINT_CERT_VAL - exit point for basic certificate validation
                (only validates the partner certificate at the end of the
                certificate chain)

       HTTP_POINT_GSKIT_CERT_VAL -- exit point that provides a hook into
                the Gskit's callback (gsk_set_attribute_callback) for
                certificate validation.  This feature requires V5R3
                or later.  On older systems, this feature will not
                work (but the other features will.)

Take a look at EXAMPLE22 and EXAMPLE23 for ideas of how to use these new
features.

*PLEASE* provide feedback to the mailing list.
Thanks!
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
>>>>>>>>>>

----- Original Message ----- 
From: "Charles Wilt" <charles.wilt@xxxxxxxxx>
To: "HTTPAPI and FTPAPI Projects" <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, May 11, 2012 5:03 PM
Subject: Re: Why is HTTPS working? Server cert signed by GoDaddy, but they 
arenot listed as a CA in my certificate store....


I considered that...

But when looking at the certs, I don't see any reference to any other 
signer...

Here's the cert, as dumped by HTTPAPI...if anybody with more expertise
wants to look...

-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgIHJ8oGt9+S4zANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY
BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlm
aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5
IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5Njky
ODcwHhcNMTIwMjAxMTYyOTIyWhcNMTQwMzAxMTg0OTQ4WjBbMRowGAYDVQQKDBEq
Lm1lcmN1cnlnYXRlLm5ldDEhMB8GA1UECwwYRG9tYWluIENvbnRyb2wgVmFsaWRh
dGVkMRowGAYDVQQDDBEqLm1lcmN1cnlnYXRlLm5ldDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMHbuWX9qJMPBHyMBQMoLgmai9eUcuIAmL+3EAyx8z4a
lhptpQDy/iUD+V6/U33W5x9htdXNm0HiRXw36DXZ6x14S67mmq2gV8QmvJPzerbH
vdwEyPH7LkTytIjbXaXC6zdTpGSZ3/h6SI8Qhbhy+9uuk8ulKIFscwzf9Zfx9Zv4
b4j0Yhtdee1EbLi1TJ4w1Q+LD1iiIsFOdLnVoYcOG4lNVy62lz56rjt+wCjJhO+Y
rhlVB84s1ku8mRwRm+c9lsiJG3icXP5pxgeWlfLfEG6dnGZwN3jeauvFQNaDBo7y
7wA4s3xQmwaHUCYgiRKZNhdpL1E2rb5kET3ndTLBJ+ECAwEAAaOCAcAwggG8MA8G
A1UdEwEB/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4G
A1UdDwEB/wQEAwIFoDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdvZGFk
ZHkuY29tL2dkczEtNjMuY3JsMFMGA1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3
BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
c2l0b3J5LzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
cC5nb2RhZGR5LmNvbS8wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMu
Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1Ud
IwQYMBaAFP2sYTKTbEXW4u6FX5q653aZaMznMC0GA1UdEQQmMCSCESoubWVyY3Vy
eWdhdGUubmV0gg9tZXJjdXJ5Z2F0ZS5uZXQwHQYDVR0OBBYEFDejSbwkyrDvpSLv
dbDHt+kwgBCxMA0GCSqGSIb3DQEBBQUAA4IBAQAQLW9sIWex0ITpu1Exm2Rmp+Jp
89q2URFga6fQrf+O79A4h54srgiZiGEIxpYhBIGMOusTnvnVU6ag/OoInapG7oaP
zXBrs5bvUw5T7QzG6LsIpKIpiTDatNcAQncUOyRtBecWjqUEMw7rc5SrAjom3KY3
r5CHfRCeYv1sOy/nDoZkcQViJc4gcPr/5Q/XtwOcCgjLzGNy27iukbSNsqtleXRu
rN/wNNmamZcOHCfHTaYfvqgdBlPxPqlcBItvHdxCy4OHFcv9c4nkBDzXJotFMhhs
dVU/twusscWc2b7AHTke+Xlxn8akKxg9/8ix0y3nSOVEGthk4aiYnO9R+QIz
-----END CERTIFICATE-----

Charles
--


On Fri, May 11, 2012 at 9:02 AM, Mike Wills <mike@xxxxxxxxxxxx> wrote:
> I think they are underwritten (is that the right terminology?) by
> another certificate provider.
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
----------------------------------------------------------------------- 

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------