curl-library

Re: "The Most Dangerous Code in the World"

From: Jan Ehrhardt <phpdev_at_ehrhardt.nl>
Date: Thu, 25 Oct 2012 16:32:40 +0200

Daniel Stenberg in gmane.comp.web.curl.library (Wed, 24 Oct 2012
22:45:17 +0200 (CEST)):
>From what I understand, the single reason behind that statement is that we
>have the CURLOPT_SSL_VERIFYHOST option which takes a three-value option and
>not just a boolean. The authors found several source codes that treated it as
>a boolean and set it to TRUE (== 1) and thus it doesn't check the certificate
>properly.

Did you see this discussion in the php-mailinglist:
http://comments.gmane.org/gmane.comp.php.devel/76531

Jan

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-25
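
An audit check for the misuse described in the quoted text, as an added example that is not part of the original mail or of curl itself: it scans C and PHP source for CURLOPT_SSL_VERIFYHOST being set to 1/TRUE instead of 2. The function names, verdict labels and the sample source are constructed for illustration.

```python
import re

# Matches curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, v) in C and
# curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, v) in PHP, including calls
# that are wrapped across several lines.
SETOPT_RE = re.compile(
    r"curl(?:_easy)?_setopt\s*\(\s*[^,]+,\s*CURLOPT_SSL_VERIFYHOST\s*,\s*([^)]+?)\s*\)"
)

def classify(value):
    """Map the third argument to a verdict (labels are this example's own)."""
    v = value.strip().lower()
    m = re.fullmatch(r"(\d+)[lu]*", v)          # 2, 2L, 1L, 0 ...
    if m:
        n = int(m.group(1))
        # 2 is the value that makes libcurl match the certificate name
        # against the host; 1 is what a boolean-minded caller ends up with.
        return {0: "disabled", 1: "boolean-misuse", 2: "ok"}.get(n, "review")
    if v == "true":
        return "boolean-misuse"                 # TRUE == 1, not 2
    if v == "false":
        return "disabled"
    return "review"                             # variable or expression

def scan(source):
    """Return (line_number, raw_value, verdict) for every setopt call found."""
    findings = []
    for m in SETOPT_RE.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), classify(m.group(1))))
    return findings

# Constructed sample input: a mix of C and PHP call sites.
SAMPLE = '''\
/* constructed sample, C */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L);
curl_easy_setopt(curl,
                 CURLOPT_SSL_VERIFYHOST, TRUE);
// constructed sample, PHP
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $verify);
'''

if __name__ == "__main__":
    for line, value, verdict in scan(SAMPLE):
        print(f"line {line}: value={value!r} -> {verdict}")
```

Anything reported as "review" is a variable or expression whose value has to be traced by hand.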