New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
By default accept self signed certificates #550
Comments
For now you can choose to ignore this type of error. |
I have basic impl for webkit backend as example, though i would appreciate some feedback (about using the settings for this or anything else which may not fit in your code-style or so). Thx in advance. Also while going through the *NetworkManager code, i would go for small code-compaction run, as imho lot of the code should/could be in base NM class, and at most overriden with parent calls if useful. |
@queria, we had it more compacted in the past, but since NM will be used only by QtWebKit and our internal stuff then it makes more sense as is, although for sure it could be improved. ;-) Do you have some gist or fork with initial patch? |
Sure it's in queria@3c4c1bc |
@queria, thanks, this looks very promising, but definitely needs some code formatting cleanup. ;-) |
Automatically accepting self-signed or any other certificates except those signed by approved root certificates seems like a very bad idea to me. Aside from this I think what Otter really needed is both an interactive method to ask whether or not an unknown certificate should be accepted and a method to import arbitrary root certificates. |
Hi, I get
(self signed certificate). How can I fix this? |
I have begun using Otter for my work, which entails logging in to my employer's intranet. The intranet uses a self-signed certificate. Every new tab I open on the intranet, it throws up the certificate error in Otter. And I need to open many tabs. Also, when I switch tabs, it throws up the certificate error.
There's a new browser called Fifth browser. The developer there has this idea: "Certificates will natively have SSH-like behavior: self-signed certs are fully trusted without warning, but if a certificate changes, all bells go off." To me this sounds like a right idea https://github.com/clbr/fifth/blob/master/DESIGN
Self-signed certificates are okay, but if the same domain suddenly feeds a different certificate, the browser should either throw up an error or offer acknowledgement/acceptance by the user. This would minimise the errors and make them more relevant.
The text was updated successfully, but these errors were encountered: