cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: "The Most Dangerous Code in the World"

From: Oscar Koeroo <okoeroo_at_nikhef.nl>
Date: Mon, 29 Oct 2012 22:23:03 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 29-10-12 21:43, Alessandro Ghedini wrote:
> Anyway, I just run a quick grep on all the sources of the packages that
> build depend on libcurl and those that explicitly set
> CURLOPT_SSL_VERIFYPEER are very few, even less those that set it to 1
> (possibily 5-6). This said I still have to check those that use
> php5-curl, pycurl, ... (but there aren't many).
>
> So, overall I think the impact of the change could be much lower than I
> thought and the testing/fixing part won't take very much (I hope).

Did you check if these application deviated from the libcurl defaults? I'm
interested which deviated from the default libcurl package into either
specifically GnuTLS or OpenSSL.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCO87YACgkQawxpIncqyrgDCQCdEK8jyjndoUjNOkIv7iYKzx2X
2sgAn22KgWEtbnc99m2WHzuT7BR04dF8
=vFe2
-----END PGP SIGNATURE-----
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-29