[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Octave-bug-tracker] [bug #46882] urlread: allowing https without certif
|
From: |
Michael Hirsch |
|
Subject: |
[Octave-bug-tracker] [bug #46882] urlread: allowing https without certificate validation |
|
Date: |
Tue, 12 Jan 2016 20:31:40 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 |
URL:
<http://savannah.gnu.org/bugs/?46882>
Summary: urlread: allowing https without certificate
validation
Project: GNU Octave
Submitted by: mhirsch
Submitted on: Tue 12 Jan 2016 08:31:39 PM GMT
Category: Octave Function
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Matlab Compatibility
Status: None
Assigned to: None
Originator Name: Michael Hirsch
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: dev
Operating System: Any
_______________________________________________________
Details:
As more and more websites are rightly enabling HTTPS, some benign sites such
as scientific data sites or intranet servers have self-certified certificates
that Octave/libcurl chokes on with:
error: urlread: Peer certificate cannot be authenticated with given CA
certificates
while Matlab urlread() and webread() read them fine. An example URL is:
https://amisr.asf.alaska.edu/
yielding the libcurl cert error.
I believe one could patch libinterp/corefcn/urlwrite.cc
with an option like:
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE)
as Matlab seems to not verify or care about authenticating certificates with
webread() or urlread().
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?46882>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [Octave-bug-tracker] [bug #46882] urlread: allowing https without certificate validation,
Michael Hirsch <=