[Cyberduck-trac] [Cyberduck] #2938: Failure during certificate trust verification

Wed Feb 18 13:37:50 CET 2009

#2938: Failure during certificate trust verification
---------------------------------------+------------------------------------
 Reporter:  cyberduck_ch.ttl@…         |       Owner:  dkocher                  
     Type:  defect                     |      Status:  new                      
 Priority:  high                       |   Milestone:  3.1.3                    
Component:  ftp-tls                    |     Version:  3.1.2                    
 Severity:  critical                   |    Keywords:  FTP-TLS, SSL, certificate
---------------------------------------+------------------------------------
Changes (by cyberduck_ch.ttl@…):

  * milestone:  3.2 => 3.1.3

Comment:

 I think Cyberduck must be relying on how the Keychain handles
 certificates, because a similar thing happens in Safari. The difference
 there is that Safari only asks for one confirmation per session, while
 Cyberduck asks for it many times during the session.

 Maybe the answer is to either stop using Keychain for certificate
 handling, or add an exception within Cyberduck. In the old program FTPeel,
 there was an option called "Don't verify root certificates" … Maybe we
 need something like that in Cyberduck.

 Other FTP programs seem to handle this problem just fine, but I don't know
 how they handle certificates. Maybe Cyberduck could use the "Allow
 security exception" procedure that Firefox uses.

-- 
Ticket URL: <http://trac.cyberduck.ch/ticket/2938#comment:4>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV and Amazon S3 Browser for Mac OS X.