On 10/7/09 4:00 PM, Guenter wrote:
Hi, is there any way to overwrite the default behaviour that a remote SSL host is verified against the CA list in the certdb?
At what level? Assuming you're asking in this newsgroup because you're writing code to use NSS directly (or through PSM) you could look at what PSM does to create "override" exceptions and just do that automatically.
If you're asking about how to do it from Firefox you could try the "MITM Me" addon (Description: "This add-on is a terrible idea, and you shouldn't install it.") https://addons.mozilla.org/en-US/firefox/addon/6843
Needless to say what you're proposing can't be called "SSL" anymore and there are sound security reasons SSL does not work that way. Using such a client to connect to commercial, financial, or government sites would be profoundly dangerous.
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
