SSL Certificates

[Cliff Ingham]

The  EasySSL code was just my attempt to get SSL working at all.  If there's a better, more secure way, I'm all for it.

Truth be told, though - I believe the current CA system is a racket, and am not too worried about Man In The Middle attacks.  I keep hoping that one day, soon, we will have a replacement for the whole CA system.  I'm looking forward to Convergance being adopted.
http://en.wikipedia.org/wiki/Convergence_(SSL)

On 05/29/2013 07:12 AM, Rajul Bhatnagar wrote:> Also in the current code I see that EasySSLSocketFactory and
> EasyX509TrustManager is used. Why do we need this??
> Are we accepting self signed certificates anywhere.Also dont you think
> there are security implications of accepting any certificate???

[Rajul Bhatnagar]

Can you give me examples of URL's you were having trouble getting SSL working on so that I can test without them.

[Cliff Ingham]

I cannot remember exactly, but I believe it was when we were trying to
get it working for Bonn, Germany. However, I think they were using a
self-signed certificate at the time.

You see, this is why I now try to always enter an issue in the issue
tracker before working on any code change. I just can't remember why
certain code was written, otherwise.

I think it was
https://anliegen.bonn.de/georeport/v2/services.xml