[OpenID] Bug in OpenID RP implementations

Eric Norman ejnorman at doit.wisc.edu
Thu Jan 1 19:52:51 UTC 2009


On Jan 1, 2009, at 12:14 PM, Andrew Arnott wrote:

> Because of that, the list of CAs that work with http://nerdbank.org is 
> whatever list GoDaddy happens to use (since they happen to host that 
> web site).

That may be the case, but it's probably not relevant or at best
only a part of the problem.

When I tried going to nerdbank.org/rp and typing in an OpenID
that starts with "https:", the server at nerdbank changed it
to "http:" and used that to connect with my OP.  Other than
the fact that I don't appreciate the weakening of security,
it also failed and said "Login failed: The 'openid.identity'
parameter was expected to have the value 'https:...' but had
'http:...' instead".

Eric Norman
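
[Added example, not part of the original message and not code from any RP implementation: a Python sketch of relying-party identifier handling that adds "http://" only when the user typed no scheme, never rewrites "https:" to "http:", and compares the asserted openid.identity against what the user entered. The function names and the identifier alice.example.org are assumptions made for illustration, and the sketch assumes URL identifiers with no redirects or delegation.]

```python
from urllib.parse import urlsplit, urlunsplit


class SchemeDowngrade(Exception):
    """Raised when an https identifier would be handled as http."""


def normalize_identifier(user_input: str) -> str:
    """Normalize a user-supplied URL identifier without changing its scheme."""
    text = user_input.strip()
    # Add a scheme only when the user supplied none; never rewrite one.
    if not text.lower().startswith(("http://", "https://")):
        text = "http://" + text
    parts = urlsplit(text)
    if not parts.netloc or "@" in parts.netloc:
        raise ValueError(f"unusable identifier: {user_input!r}")
    # Lowercase the host, default the path to "/", drop the fragment.
    return urlunsplit((parts.scheme, parts.netloc.lower(),
                       parts.path or "/", parts.query, ""))


def check_no_downgrade(user_input: str, outgoing_identity: str) -> None:
    """Refuse to contact the OP over http when the user typed https."""
    wanted = normalize_identifier(user_input)
    got_scheme = urlsplit(outgoing_identity).scheme.lower()
    if urlsplit(wanted).scheme == "https" and got_scheme != "https":
        raise SchemeDowngrade(f"expected {wanted!r}, got {outgoing_identity!r}")


def identity_matches(user_input: str, asserted_identity: str) -> bool:
    """True only if the OP asserted the identifier the user entered, scheme included."""
    return normalize_identifier(user_input) == normalize_identifier(asserted_identity)


if __name__ == "__main__":
    typed = "https://alice.example.org"          # constructed sample identifier
    print(normalize_identifier(typed))           # scheme is preserved
    print(identity_matches(typed, "http://alice.example.org/"))
    try:
        check_no_downgrade(typed, "http://alice.example.org/")
    except SchemeDowngrade as err:
        print("rejected:", err)
```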



