New Winsock Gateway Control - CERT-VALIDATION
From CometWiki
New Winsock Gateway (TCP Device) Control - CERT-VALIDATION
A new CERT-VALIDATION control has been added to the winsock gateway (TCP Device) for managing SSL certificate verification on the host side. Using this new control, you can tell the winsock gateway how to behave based on the certificate received from the host.
Usage
This control, like the SSL-ENABLE control, must be issued prior to connecting to the remote server. The syntax is as follows:
result$ = control(LUN, "CERT-VALIDATION value")
Where value can be one of three options:
VERIFY
VERIFY-AND-ASK (default)
DONOT-VERIFY
If the CERT-VALIDATION control is not specified, the default behavior is VERIFY-AND-ASK.
Options
VERIFY
This option ensures the certificate is valid before connecting. The connection will fail if verification fails. This is the recommended setting for security, as the connection will not be allowed for invalid or broken certificates.
VERIFY-AND-ASK
This is the default option, and was the only behavior prior to Comet release 540.
Comet attempts verification, and if there is an issue (invalid or broken certificate) it pops up a message box asking the user whether they want to trust the certificate. This option ensures the user is aware when the certificate is invalid, but it requires user interaction for the XAP program to continue.
DONOT-VERIFY
Skips verification and allows connections even with invalid certificates. This option can be useful for testing with invalid or broken certificates, but is not recommended for security reasons.