On 01/24/2011 12:12 PM, Ben Bucksch wrote:
> I filed bug 628312 about the original problem that we don't have an API to
> set the expected host, and have a prototype fix, but can't get it to work.
> Can somebody help, please? This is a blocker for me right now, I can't
> deploy XMPP without STARTTLS.

The correct solution would be to fix the certificate on the server.
But you've probably ruled that out as impractical for some reason.
Here are some incorrect solutions, which may or may not be insecure or
no less of a pain to deploy than a software update across all Mozilla
clients:
* Put a self-signed cert on the server and have clients trust that.
* Make your own CA and issue a cert to the server and have clients trust
that CA.
* On each client, make an /etc/hosts file entry for the certificate's CN
pointing to the server's IP address.
* Run your protocol on some TCP port free on the actual server of the
certificate's CN and have it forward those connections to you.
- Marsh