Code review comment for lp:~camptocamp/openobject-addons/7.0-fix_1196847

On 07/02/2013 01:48 PM, Nicolas Bessi - Camptocamp wrote:
> Even if we use SSL we have to ensure it is not only used for encryption but
> also for source authentication and reject any action if authentication
> fails.

Yes, server-side certificate chain validation is a key part of the TLS
protocol[1], and it is enabled by default on all HTTPS stacks.
It does not require any extra work on OpenERP Publisher Warranty servers
because they are already deployed with valid SSL certificates.

> This kind of authentication/security should also be required by the internal
> "app store" of OpenERP.

The OpenERP Apps integration in OpenERP 7.0 is done using HTTPS.

[1] https://tools.ietf.org/html/rfc5246#section-7.4.2