First time here? Check out the FAQ!
0

How to turn off certificate checking

when using openid I'm getting back the openid is invalid. if I put the openid in a browser I get the openid xml file. If I curl the openid I get a bad certificate error. If I curl -k the open id it works fine. I believe askbot is using libcurl.

Is there a way to -k (turn off certificate checking)?

I'm the server admin so modifying code / files no biggie.

mattben's avatar
1
mattben
asked 2013-07-03 16:55:54 -0500
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Askbot is using python openid library, you might need to dig it.

I don't think we should be changing this, as all mainstream openid providers take care of their certificates. It should be the responsibility of the openid provider not us, IMO.

Evgeny's avatar
13.2k
Evgeny
answered 2013-07-03 17:07:20 -0500
edit flag offensive 0 remove flag delete link

Comments

Yea, changing library's is not my plan for sure. I was hoping for a "allow untrusted certificates" option. I'll live this open so others can leave their opinions.

mattben's avatar mattben (2013-07-03 17:10:44 -0500) edit

Maybe the library allows this then you can enable this in your fork of Askbot, we could add a settings.py option. I suspect this will be very rarely used though... Do you need this to support some DIY openid provider?

Evgeny's avatar Evgeny (2013-07-03 17:14:31 -0500) edit

Yes, that is the case, some of the nodes in our federation are not good at keeping there certificates up to date. So some nodes openid's work but ones that give a security warning on browsers do not.

mattben's avatar mattben (2013-07-03 17:17:40 -0500) edit
add a comment see more comments