Ask Your Question

How to turn off certificate checking

asked 2013-07-03 16:55:54 -0600

when using openid I'm getting back the openid is invalid. if I put the openid in a browser I get the openid xml file. If I curl the openid I get a bad certificate error. If I curl -k the open id it works fine. I believe askbot is using libcurl.

Is there a way to -k (turn off certificate checking)?

I'm the server admin so modifying code / files no biggie.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2013-07-03 17:07:20 -0600

Evgeny's avatar

Askbot is using python openid library, you might need to dig it.

I don't think we should be changing this, as all mainstream openid providers take care of their certificates. It should be the responsibility of the openid provider not us, IMO.

edit flag offensive delete link more


Yea, changing library's is not my plan for sure. I was hoping for a "allow untrusted certificates" option. I'll live this open so others can leave their opinions.

mattben's avatar mattben  ( 2013-07-03 17:10:44 -0600 )edit

Maybe the library allows this then you can enable this in your fork of Askbot, we could add a option. I suspect this will be very rarely used though... Do you need this to support some DIY openid provider?

Evgeny's avatar Evgeny  ( 2013-07-03 17:14:31 -0600 )edit

Yes, that is the case, some of the nodes in our federation are not good at keeping there certificates up to date. So some nodes openid's work but ones that give a security warning on browsers do not.

mattben's avatar mattben  ( 2013-07-03 17:17:40 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2013-07-03 16:55:54 -0600

Seen: 197 times

Last updated: Jul 03 '13