self-signed https certificate handling
Submitted by Christophe Fergeau
I've been working on code which makes https connections to a remote broker (ovirt). It's not unusual that this remote broker uses a self signed certificate. Such a certificate does not give us any guarantee about the identity of the remote server, the self signed certificate might have been self signed by an attacker who is trying to run a man-in-the-middle attack. Warning the user about this and trying to get him not to connect to the remote server is not user-friendly at all, witness the firefox dialog for this situation.
So no idea what we should do here, design input would be great!