When loading, saving or synchronizing with a url using https KeePass fails to validate the certificate. In reviewing the source it appears that this is done intentionally to allow self signed certificates however this greatly weakens the protection of SSL.
I have created a patch (attached) that provides adds an option to Allow Invalid Certificates. This will allow users who connect to servers with invalid certificates to continue to function and allow those (such as myself) who would like the full protection of SSL.
The patch defaults to requiring valid certificates, which I think is appropriate for software that claims high levels of security.
Please let me know if you prefer the patch in a different format.
Log in to post a comment.