curl-library
those SSL certificates
Date: Wed, 21 Aug 2002 20:54:01 +0200 (MET DST)
Tom, Cris, Bram and everyone else!
I've read the ssl certificate thread(s) with the greatest interest and I am
of course eager to make curl work as good as possible in this aspect (too).
I've read some interesting suggestions and I'm all ears on what you think is
the best path for us to take for the next release of curl. All theories put
together with all our current and future users in mind.
Personally, I'd like to add a short informational text when connecting to
https:// sites without peer verification (using the curl tool), that shows
with -v or possibly directly to stderr. It would say something like this:
*** Warning: without enabled peer certificate verificaton, the server can be
*** forged and you won't notice.
The library code would however not be affected with this, as I hope, believe
and expect libcurl users to be more aware of these issues.
I'm also very interested in suggestions on how to improve the documentation
so that these issues become more apparent to users.
I'm listening.
-- Daniel Stenberg -- curl related mails on curl related mailing lists please ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390Received on 2002-08-21