curl-library

Re: Fraudulent Certificates

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Thu, 24 Mar 2011 23:00:16 +0100

On Thursday 24 March 2011 09:22:58 Daniel Stenberg wrote:
> There's this incident that has been talked about the last couple of days
> where "an attacker" managed to get several fraudulent SSL certificates for
> public websites.
>
> Chrome and Firefox now both block these certificates explicitly.
>
> I assume there's reason for us to consider doing the same, to protect our
> users who might use libcurl to access such sites.
>
> I'll appreciate feedback and ideas.

As for NSS-powered libcurl, this is going to be addressed at the NSS level:

http://www.listware.net/201103/dev-tech-crypto/58508-announcing-a-nss-release-for-blocking-fraudulent-certificates.html

https://bugzilla.mozilla.org/show_bug.cgi?id=642815

Kamil
Received on 2011-03-24