Re: can't verify SSL cert
Date: Sat, 21 Feb 2009 14:03:36 +0100
Am Freitag, 20. Februar 2009 22:44:09 schrieb Daniel Stenberg:
> The question is thus what "secure" means. When you can't verify the
> server's certificate, you cannot know that you're actually talking to the
> right server but it might isntead be an impostor that pretends to be the
> server you want to contact. Then you get an encryped and "secure"
> connection, but to the wrong server - without knowing it.
in this context I would like to mention CVE-2008-5077:
Received on 2009-02-21