
curl-library

Re: can't verify SSL cert

From: Guenter Knauf <lists_at_gknw.net>
Date: Sat, 21 Feb 2009 14:03:36 +0100

Hi,
On Friday, 20 February 2009 22:44:09, Daniel Stenberg wrote:
> The question is thus what "secure" means. When you can't verify the
> server's certificate, you cannot know that you're actually talking to the
> right server but it might instead be an impostor that pretends to be the
> server you want to contact. Then you get an encrypted and "secure"
> connection, but to the wrong server - without knowing it.
In this context I would like to mention CVE-2008-5077:
http://www.openssl.org/news/secadv_20090107.txt

Gün.
Received on 2009-02-21