Thanks for the reply. I see what you mean. For now, on our server we just
generate this certificate for testing, so it is not a real valid cert. Using
Firefox, if I permanently accept the certificate, the warning won't pop up
again. Can I do the same thing in my client application?

Thanks,

"Nelson B" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Kate X wrote:
>> Hi, Now I am kind of stuck at this:
>> We are building an application using XPCOM components. I am trying to add
>> SSL support for our client, and I am using the nsIHttpChannel interface to
>> request an HTTP/HTTPS page. For HTTP it works fine; when trying to open an
>> HTTPS page, first it will initializeNSS, then try to create a secure socket
>> to do the transfer, but in the handshake stage, the certificate didn't get
>> authorized, so it comes to get the badCertHandler, which I don't know how
>> to add my own handler for from the very top level (HttpChannel), then it
>> goes to the default dialog UI asking for confirmUnknownIssuer (which I
>> don't want, this would add too much to our project).
>> Would anybody give me a hint of how to add my custom badCertHandler, or
>> any other solution for this problem?
>
> Using a bad cert handler in that case is almost certainly the wrong thing
> to do.  Defeating the cert chain validation will render your application
> completely vulnerable to various attacks, the very ones from which SSL
> (HTTPS) is intended to protect you.
>
> Why not use a valid cert from a known issuer?
>
> -- 
> Nelson B 


_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
