cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: "The Most Dangerous Code in the World"

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 25 Oct 2012 10:43:52 +0200 (CEST)

On Thu, 25 Oct 2012, Yehezkel Horowitz wrote:

> As to what we can do to make cURL even better (in order to protect
> unprofessional users that don't know what they are doing), We could make '1'
> to act as '2' (verify peer identity), and add a special magic value (i.e.
> 27934) that will act as todays '1' (check for CN existence but don't verify
> it).
>
> I think most of users do not intend to use '1' in the unsecure way, so most
> of them will be happy with this change of behavior.

Yes, I agree with this and I believe it could be an acceptable way forward. I
don't think 1 is used on purpose very much so it wouldn't hurt a lot.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-25