cURL / Mailing Lists / curl-library / Single Mail


RE: "The Most Dangerous Code in the World"

From: Daniel Stenberg <>
Date: Thu, 25 Oct 2012 10:43:52 +0200 (CEST)

On Thu, 25 Oct 2012, Yehezkel Horowitz wrote:

> As to what we can do to make cURL even better (in order to protect
> unprofessional users that don't know what they are doing), We could make '1'
> to act as '2' (verify peer identity), and add a special magic value (i.e.
> 27934) that will act as todays '1' (check for CN existence but don't verify
> it).
> I think most of users do not intend to use '1' in the unsecure way, so most
> of them will be happy with this change of behavior.

Yes, I agree with this and I believe it could be an acceptable way forward. I
don't think 1 is used on purpose very much so it wouldn't hurt a lot.

List admin:
Received on 2012-10-25