curl-library
Re: Fraudulent Certificates
Date: Thu, 24 Mar 2011 23:00:16 +0100
On Thursday 24 March 2011 09:22:58 Daniel Stenberg wrote:
> There's this incident that has been talked about the last couple of days
> where "an attacker" managed to get several fraudulent SSL certificates for
> public websites.
>
> Chrome and Firefox now both block these certificates explicitly.
>
> I assume there's reason for us to consider doing the same, to protect our
> users who might use libcurl to access such sites.
>
> I'll appreciate feedback and ideas.
As for NSS-powered libcurl, this is going to be addressed at the NSS level:
https://bugzilla.mozilla.org/show_bug.cgi?id=642815
Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-03-24