when using openid I'm getting back the openid is invalid. if I put the openid in a browser I get the openid xml file. If I curl the openid I get a bad certificate error. If I curl -k the open id it works fine. I believe askbot is using libcurl.
Is there a way to -k (turn off certificate checking)?
I'm the server admin so modifying code / files no biggie.
Askbot is using python openid library, you might need to dig it.
I don't think we should be changing this, as all mainstream openid providers take care of their certificates. It should be the responsibility of the openid provider not us, IMO.
Yea, changing library's is not my plan for sure. I was hoping for a "allow untrusted certificates" option. I'll live this open so others can leave their opinions.
Maybe the library allows this then you can enable this in your fork of Askbot, we could add a settings.py option. I suspect this will be very rarely used though... Do you need this to support some DIY openid provider?
Yes, that is the case, some of the nodes in our federation are not good at keeping there certificates up to date. So some nodes openid's work but ones that give a security warning on browsers do not.
Comments