[Cyberduck-trac] [Cyberduck] #2938: Failure during certificate trust verification
Cyberduck
trac at trac.cyberduck.ch
Wed Feb 18 13:37:50 CET 2009
#2938: Failure during certificate trust verification
---------------------------------------+------------------------------------
Reporter: cyberduck_ch.ttl@… | Owner: dkocher
Type: defect | Status: new
Priority: high | Milestone: 3.1.3
Component: ftp-tls | Version: 3.1.2
Severity: critical | Keywords: FTP-TLS, SSL, certificate
---------------------------------------+------------------------------------
Changes (by cyberduck_ch.ttl@…):
* milestone: 3.2 => 3.1.3
Comment:
I think Cyberduck must be relying on how the Keychain handles
certificates, because a similar thing happens in Safari. The difference
there is that Safari only asks for one confirmation per session, while
Cyberduck asks for it many times during the session.
Maybe the answer is to either stop using Keychain for certificate
handling, or add an exception within Cyberduck. In the old program FTPeel,
there was an option called "Don't verify root certificates" … Maybe we
need something like that in Cyberduck.
Other FTP programs seem to handle this problem just fine, but I don't know
how they handle certificates. Maybe Cyberduck could use the "Allow
security exception" procedure that Firefox uses.
--
Ticket URL: <http://trac.cyberduck.ch/ticket/2938#comment:4>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV and Amazon S3 Browser for Mac OS X.
More information about the Cyberduck-trac
mailing list