Comment # 7 on bug 1219688 from Paolo Perego 
(In reply to Imobach Gonzalez Sosa from comment #6)
> (In reply to Paolo Perego from comment #5)

[snip]

> > Another point of attention is for digital cerficate. Please make sure to let
> > the client validate the certificate when doing HTTPS calls. However I didn't
> > understand the scenario... both client and server will run on the same host,
> > correct?
> 
> Which is the right way to validate the certificate? Allowing the user to
> check the fingerprint?
Ok well... interacting with the browser, using a valid certificate, not self
signed. Interacting with a command line client, having the client validating
all the root of trust of the certificate.

eg:

> import requests
> requests.post(url='https://foo.example', data={'bar':'baz'})

> Following Cockpit's approach, when connecting to localhost, we do not see
> the need to use HTTPS. But when installing remotely, it is mandatory. Does
> it make sense?
It would require a lot of extra effort dividing the two cases... however it
makes sense to have http on a localhost only communication.

You are receiving this mail because: