permanently accept "bad" certificates

CybrMatt #1
Member for 2 months · 8 posts
Group memberships: Members
Subject: permanently accept "bad" certificates
I connect to a private server that always gives me an authenticity error on connection.  I don't have any way to admin said server, and therefore actually fixing the error is out of my control, yet I do know I trust the current certificate.  To make this situation less annoying, I'd like Psi's certificate dialog to allow me to "permanently accept" the certificate.  All web browsers, for example, offer something like this for dealing with self-signed certificates.  Once I choose to accept the certificate permanently, Psi should only prompt me again if a new certificate appears.  Of course, the option to just accept once should remain as well.
Voker57 #2
User title: ~quirks mode~
Member since 06/2007 · 14 posts
Group memberships: Members
Account settings -> Ignore ssl warnings/errors
CybrMatt #3
Member for 2 months · 8 posts
Group memberships: Members
Yes, I'd considered this option, however there's a significant difference between it and what I'm suggesting.  Please consider:

- Ignore ssl warnings/errors means: "I don't care what kind of certificate this account uses, I don't want to see it."

- Permanently accept means: "The current certificate may have errors, however I've checked it and am willing to accept it.  If at any point this certificate changes, I'll need to re-evaluate it."

From a security standpoint, the ability to accept a single certificate at a time is key.  Ignoring all warnings entirely removes SSL authentication, while accepting a certificate simply allows for manual validation.  These are definitely not the same thing.
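The distinction drawn in post #3, as an added example that is not part of the thread and is not Psi's code: a per-host exception list keyed on the certificate's SHA-256 fingerprint, next to an ignore-everything policy. `PinStore`, `decide`, `decide_ignore_all`, the host name and the certificate bytes are hypothetical names and constructed values.

```python
import hashlib, hmac, json
from pathlib import Path

ACCEPT, PROMPT_UNTRUSTED, PROMPT_CHANGED = "accept", "prompt-untrusted", "prompt-changed"

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate (in Python: getpeercert(binary_form=True))."""
    return hashlib.sha256(der).hexdigest()

class PinStore:
    """Hypothetical per-host exception list: host -> fingerprint the user accepted."""
    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def accept_permanently(self, host: str, der: bytes) -> None:
        # Record exactly one certificate for this host and persist it.
        self.pins[host.lower()] = fingerprint(der)
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def decide(self, host: str, der: bytes, validation_ok: bool) -> str:
        if validation_ok:                      # normal chain/hostname check passed
            return ACCEPT
        pinned = self.pins.get(host.lower())
        if pinned is None:                     # never accepted: ask the user
            return PROMPT_UNTRUSTED
        if hmac.compare_digest(pinned, fingerprint(der)):
            return ACCEPT                      # same certificate the user vetted
        return PROMPT_CHANGED                  # new certificate: re-evaluate

def decide_ignore_all(host: str, der: bytes, validation_ok: bool) -> str:
    """'Ignore ssl warnings/errors' as post #3 describes it: never asks."""
    return ACCEPT

if __name__ == "__main__":
    # Constructed stand-ins for DER bytes; "im.example.org" is a placeholder host.
    old_cert, new_cert = b"constructed-cert-A", b"constructed-cert-B"
    store = PinStore()
    print(store.decide("im.example.org", old_cert, False))   # first sight
    store.accept_permanently("im.example.org", old_cert)
    print(store.decide("im.example.org", old_cert, False))   # pinned certificate
    print(store.decide("im.example.org", new_cert, False))   # replaced certificate
    print(decide_ignore_all("im.example.org", new_cert, False))
```

The two policies differ only on the last case: a replaced certificate brings the prompt back under the pin store and passes silently under ignore-all.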
machekku #4
User title: Crazy guy from Poland
Member since 07/2004 · 819 posts · Location: Poland
Group memberships: Developers, Members
Yes, there is a plan to provide such an option.

For now, you can import this certificate to your system cert storage, or place it in Psi's cert directory.
Maciek "Machekku" Niedzielski
Psi developer
damjan #5
Member since 11/2002 · 15 posts · Location: Skopje, Macedonia
Group memberships: Members
How do you do that?
machekku #6
User title: Crazy guy from Poland
Member since 07/2004 · 819 posts · Location: Poland
Group memberships: Developers, Members
What operating system are you using?
Maciek "Machekku" Niedzielski
Psi developer
Current time: 08-29-2008, 01:56:28 (UTC -04:00)