cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL sample (again)

From: Goetz Babin-Ebell <babin-ebell_at_trustcenter.de>
Date: Tue, 16 Dec 2003 22:22:58 +0100

Hello Jerry,

Jerry G. Chiuan wrote:
>>Jerry G. Chiuan wrote:
>>

>>That is not good.
>>HTTPS without peer verification is useless.
>>
>>You can turn off client authentication,
>>but you never should turn of peer cert verification.
>
> ya, I agree with this point
> but I forgot to mention that my usage depends on users totally trust the
> peer, and can bypass the peer verification
> e.g. users link to their own company's site

Ahem.

For the user being able to trust the peer,
the user must ensure he is really talking with the peer.

And for that he must do peer verification...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click

application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on 2003-12-16

This message: [ Message body ]
Next message: Andrés García: "Re: gethostbyname & MinGW build problem"
Previous message: DOMINICK C MEGLIO: "RE: FTP large file support patch"
In reply to: Jerry G. Chiuan: "Re: SSL sample (again)"
Next in thread: Adrian Michel: "RE: Libcurl binaries for msvc 6"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]