<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Sorry for the spam, but the messages weren't coming through. I guess
the queue was released now.<br>
<br>
I'd like to suggest to all RPs and OPs making use of PHP to update the
ca-bundle of cURL/libcurl, since the one shipped with cURL is from the
year 2000!! extracted from Netscape 4.7. Replace it with the one from
here: <a class="moz-txt-link-freetext" href="http://curl.haxx.se/ca/cacert.pem">http://curl.haxx.se/ca/cacert.pem</a><br>
<br>
See also <a class="moz-txt-link-freetext" href="http://curl.haxx.se/docs/sslcerts.html">http://curl.haxx.se/docs/sslcerts.html</a> for more information.
I'm currently actively trying to solve this issue directly with cURL
and Mozilla concerning some licensing concerns.<br>
<br>
Eddy Nigg (StartCom Ltd.) wrote:
<blockquote cite="mid:47AC2325.3090806@startcom.org" type="cite">Trying
to login at <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://wiki.openid.net/">http://wiki.openid.net/</a> which fails
however using
the StartSSL OP (<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.startssl.com">http://www.startssl.com</a>). The ID
URIs are https only,
which could be the cause of the problem? Maybe libcurl needs updating
of the ca-bundle (a common cause with wordpress openid plugin, not sure
about this one..). I'd be glad if somebody can have a look at this...<br>
<br>
Basically I'd like to add the StartSSL provider to
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://wiki.openid.net/OpenIDServers#Identity_Providers">http://wiki.openid.net/OpenIDServers#Identity_Providers</a>
or perhaps to
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://wiki.openid.net/OpenIDServers#Other_Services_Providing_Identity_Services">http://wiki.openid.net/OpenIDServers#Other_Services_Providing_Identity_Services</a>
.<br>
<br>
StartSSL creates automatically an openid URI identity with every
account created. There are tens of thousands of accounts and
potentially more added every year via StartSSL. Not comparable to
providers like Yahoo or AOL in numbers, but still not bad. StartSSL
however implements phishing-resistant and multi-factor policies by
default, with multi-factor-physical upon user request in the near
future.<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a moz-do-not-send="true"
href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a moz-do-not-send="true" href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a moz-do-not-send="true" href="http://blog.startcom.org">Join
the Revolution!</a></td>
</tr>
<tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
general mailing list
<a class="moz-txt-link-abbreviated" href="mailto:general@openid.net">general@openid.net</a>
<a class="moz-txt-link-freetext" href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>