https://www.paypal.com/en_US/i/icon/secure_lock_2.gif Don't worry, that can be done later. Let's test it first.
Right now I'm working on allowing self-signed certificates to be accepted long-term. OpenSSL has some weird ideas on how to do things.
BTW, have you taken a look at GnuTLS? (It has an OpenSSL compatibility layer and seems better documented.)
No, I have not checked that out. I will take a look at it to see how it looks. I personally figure that OpenSSL is more likely to be installed on a given system than GnuTLS (which is an issue) and more thoroughly tested. But I will definitely check to see if it gives us any significant advantages.
gives me the warning dialog. Is this OK?
Warnings are OK.
Yes, I meant to ask: Is PayPal really sending this image with a certificate that can't be trusted?
The certificate seems to be trustable to me, but the lock is an image that is sent whether or not the connection is secure. In short, it is just there to make the customer feel better. I'll have more stuff for you shortly. - Garrett Kajmowicz