curl-library

Re: New to curl

From: Yang Tse <yangsita_at_gmail.com>
Date: Thu, 20 Oct 2011 18:35:36 +0200

2011/10/20 Daniel Stenberg wrote:

> The client MUST verify the server certificate against a CA cert bundle, to
> know that you're in fact talking to the correct server. This verification
> can be skipped, but then it makes the TLS connection insecure. But the
> connection would still be encrypted and not possible to eavesdrop on.

Last part of last sentence above isn't exact.

Without server certificate verification the connection is insecure. <Full stop>

Without server certificate verification the connection is encrypted
and a MITM eavesdropping or modifying encrypted data is perfectly
possible.

-- 
-=[Yang]=-
Received on 2011-10-20
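
As an added example (not part of the original mail and not curl project code): a small Python audit that finds libcurl calls which skip the certificate verification discussed in this thread. The C sample is constructed, and the option-name pattern, the function names and the verdict labels are choices made for this example.

```python
import re

# String literals are matched first so "//" inside a URL is not taken for a comment.
TOKENS = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)
SETOPT = re.compile(
    r"curl_easy_setopt\s*\(\s*[^,]+,\s*"
    r"(CURLOPT_(?:\w+_)?SSL_VERIFY(?:PEER|HOST))\s*,\s*([^;]+?)\s*\)\s*;",
    re.S)
INT_LITERAL = re.compile(r"^(?:\(\s*long\s*\)\s*)?(\d+)[lL]?$")

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
/* curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); old debugging line */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl,
                 CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(curl, CURLOPT_PROXY_SSL_VERIFYPEER, insecure ? 0L : 1L);
'''


def blank_comments(src):
    """Overwrite comments with spaces; newlines stay so line numbers hold."""
    def repl(m):
        text = m.group()
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return TOKENS.sub(repl, src)


def audit(src):
    """Return (line, option, value, verdict) for each verification setopt call."""
    code = blank_comments(src)
    findings = []
    for m in SETOPT.finditer(code):
        option, value = m.group(1), m.group(2)
        lit = INT_LITERAL.match(value)
        if lit is None:
            verdict = "review"      # value chosen at run time, needs a human look
        elif int(lit.group(1)) == 0:
            verdict = "disabled"    # check skipped: the peer's identity is unverified
        elif option.endswith("VERIFYHOST") and int(lit.group(1)) != 2:
            verdict = "review"      # 2 is the documented value for the hostname check
        else:
            verdict = "ok"
        line = code.count("\n", 0, m.start()) + 1
        findings.append((line, option, value, verdict))
    return findings
```

Calling `audit(SAMPLE)` reports the disabled peer check on line 4, accepts the hostname check on line 5, and marks the run-time-selected proxy setting on line 7 for review.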