Comments (8)
I've only been able to reproduce this problem with this query on this particular link.
from swipl-devel.
trivia just for fun - the Plumber's Friend advertised on the page is Annie's work. The site is a marketplace for virtual goods inside Second Life, and doesn't share tech stack with SL itself. The startup was bought out by Linden Labs.
from swipl-devel.
I would advise against any verification of this issue, given that the opening of the "pipe" allows the receipt of unverified certificates.
Remediation is suggested by disallowing a certificate to install without first being verified by either a check with a CA (certificate authority) or an MD5 or SHA1 hash.
from swipl-devel.
Did a little check. The URL results in a redirection loop. The recent rewrites to library(http/http_open) have broken the redirection loop detection. This is now fixed (SWI-Prolog/packages-http@401d47f). The redirect is the result of redirecting to the same location after setting a cookie. By default, http_open/3 does not perform cookie handling. After loading library(http/http_cookie), the URL opens fine.
@FunctionAnalysis: little clue what you mean. This has nothing to do with certificates. The cert_accept_any simply tells the SSL layer to ignore failed certificate validation, something which is pretty useful if you want to access HTTPS sites while you do not care about security issues.
from swipl-devel.
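The behaviour described in the comment above, modelled offline as an added Python example (not SWI-Prolog code and not part of the original thread): a server that sets a cookie and redirects to the same location loops forever for a client without cookie handling, and resolves once the cookie is sent back. The server, URL, cookie name and the loop-detection strategy are all constructed assumptions for illustration.

```python
from urllib.parse import urljoin

MAX_REDIRECTS = 10  # hop limit as a backstop (assumed value)


class RedirectLoop(Exception):
    """Raised when the same request is about to be repeated."""


def fake_server(url, cookies):
    # Constructed in-memory server: redirects to the SAME url after
    # setting a cookie, and serves the page only when the cookie returns.
    if cookies.get("session") == "abc":
        return 200, {}, "page body"
    return 302, {"Location": url, "Set-Cookie": "session=abc"}, ""


def fetch(url, use_cookie_jar, server=fake_server):
    jar = {}
    seen = set()  # (url, cookies sent) pairs already requested
    for _ in range(MAX_REDIRECTS):
        sent = dict(jar) if use_cookie_jar else {}
        state = (url, tuple(sorted(sent.items())))
        if state in seen:
            # Identical request would be repeated: a genuine loop.
            raise RedirectLoop(url)
        seen.add(state)
        status, headers, body = server(url, sent)
        if use_cookie_jar and "Set-Cookie" in headers:
            name, _, value = headers["Set-Cookie"].partition("=")
            jar[name] = value
        if status in (301, 302, 303, 307, 308):
            url = urljoin(url, headers["Location"])
            continue
        return status, body
    raise RedirectLoop(url)


def loops_without_cookies(url):
    # True when the client without cookie handling hits the loop.
    try:
        fetch(url, use_cookie_jar=False)
    except RedirectLoop:
        return True
    return False
```

Keying loop detection on the URL together with the cookies sent is what lets the cookie-aware client follow a redirect to the same location once without flagging it.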
I understand that it accepts any cert, and understand that this makes connections easier. It also increases risk in terms of security, and not caring about security issues is a cause for just as much concern as accepting any ssl cert.
The SHA1 and MD5 are digital signature algorithms to either verify or reject a certificate, as is done with any symmetric based, handshake method used by SSL.
https://www.openssl.org/docs/manmaster/crypto/md5.html
https://ssltest39.ssl.symclab.com/
https://support.microsoft.com/en-us/kb/889768
SSL certificate validation should never be ignored, in my humble opinion.
The MD5 checksum is used to validate software itself, while the SHA1 (which has really, mostly been retired for SHA2) tests the security of SSL.
from swipl-devel.
I understand that. That is why the default is to do the checking. We have to live with the current development that more and more sites use HTTPS while not providing proper certificates and the client doesn't care much about SSL as there is no security risk for the client involved. That is why, e.g., curl has a --insecure option and http_open/3 has a cert_accept_any check.
from swipl-devel.
@JanWielemaker , Thank you for looking into this.
from swipl-devel.
I offer to review this further, and see if general ssl adjustments would help SWIPL.
On Dec 22, 2015, at 1:34 PM, Jan Wielemaker [email protected] wrote:
I understand that. That is why the default is to do the checking. We have to live with the current development that more and more sites use HTTPS while not providing proper certificates and the client doesn't care much about SSL as there is no security risk for the client involved. That is why, e.g., curl has a --insecure option and http_open/3 has a cert_accept_any check.
from swipl-devel.