curl-library

Re: "The Most Dangerous Code in the World"

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 30 Oct 2012 23:26:11 +0100 (CET)

On Sat, 27 Oct 2012, Nick Zitzmann wrote:

> Here is a patch that rolls this out to curl_darwinssl.c as well. I noticed
> that my code had always ignored that option. Now, before you panic and start
> writing up a CVE, let me point out that it always ignored that option and
> always verified the domain name unless the host in the URL was an IP
> address. There just wasn't any way to turn that off.
>
> This patch makes it possible to disable that check, just like in the other
> TLS/SSL back-ends. Please add this onto your patch.

Thanks, I've incorporated it into my patch!

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-30