cURL / Mailing Lists / curl-library / Single Mail


Re: "The Most Dangerous Code in the World"

From: Jan Ehrhardt <>
Date: Thu, 25 Oct 2012 16:32:40 +0200

Daniel Stenberg in gmane.comp.web.curl.library (Wed, 24 Oct 2012
22:45:17 +0200 (CEST)):
>From what I understand, the single reason behind that statement is that we
>have the CURLOPT_SSL_VERIFY HOST option which takes a three-value option and
>not just a boolean. The authors found several source codes that treated it as
>a boolean and set it to TRUE (== 1) and thus it doesn't check the certificate

Did you see this discussion in the php-mailinglist:


List admin:
Received on 2012-10-25