Re: Changing to HTTPS
Date: Wed, 11 May 2005 17:07:19 +0200
On Wed, May 11, 2005 at 05:46:42PM +0300, ext-venkatesh.hosur_at_nokia.com wrote:
> ii. In the client code the CURL option, CURLOPT_SSL_VERIFYPEER will be set to ZERO.
> Its assumed that the Server which is being connected is
> trustworthy. Only thing thats needed is the secure communication.
> So, by just doing the above two changes in teh code can we get a
> secure communicaiton ?
No, the communication will not be secure, a man-in-the-middle attack is
possible. Set CURLOPT_SSL_VERIFYPEER!=0 and CURLOPT_CAINFO. Don't just
pretend to be secure, BE secure!
-- __ _ |_) /| Richard Atterer | GnuPG key: | \/¯| http://atterer.net | 0x888354F7 ¯ '` ¯Received on 2005-05-11