cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: "The Most Dangerous Code in the World"

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 29 Oct 2012 13:42:01 +0100 (CET)

On Mon, 29 Oct 2012, Oscar Koeroo wrote:

> I've send an email yesterday evening about all the various backends and how
> they implement, for example, RFC2818 compliance and in particular I checked
> how this VERIFYHOST setting is actually used and I'd like to propose the
> removal or muting (for backwards compatibility) of the use of the VERIFYHOST
> setting completely.

Sorry, but that's not now I read it and I disagree. I'm all for removing the
difference between 1 and 2, which is what I'm suggesting and read your
excellent write-up as backing up my position.

I did not see a motivation to completely remove the support to disable the
host name verification. Can you elaborate on why you think we should or need
to do that?

That feature is WIDELY used and thus we simply cannot do that without an
SONAME bump and that is a major headache and road block.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2012-10-29

This message: [ Message body ]
Next message: Oscar Koeroo: "Re: "The Most Dangerous Code in the World""
Previous message: Oscar Koeroo: "Re: "The Most Dangerous Code in the World""
In reply to: Oscar Koeroo: "Re: "The Most Dangerous Code in the World""
Next in thread: Oscar Koeroo: "Re: "The Most Dangerous Code in the World""
Reply: Oscar Koeroo: "Re: "The Most Dangerous Code in the World""

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]