This is not going well.
If we use VerifyPeer, the AOk parameter is false,
even if we are connecting to known good certs.
I'm expecting True if it is a good cert and false if
there is a problem with it.
Then I expect to be able to force a connection if
I decide to overrule, or cause it to fail if the info in
the cert doesn't jive with what I have. But if the
param always says that the cert is bad, then my
whole scheme falls apart.
So we quit using VerifyPeer.
Now it goes to the other extreme. It cheerfully
lets us connect to sites with known untrusted certs
and successfully establishes a SSL session.
Granted it does return a 401, but that's because
we didn't send login info.
Downloaded the latest (unreleased) developer snapshot
and SSL libs. No change.
I'd go with a commercial product, but they are so
expensive they are way overkill for this little project.
--
Thanks,
Brad.
