On 10/25/2012 07:16 AM, SM wrote:
Hi Daniel,
At 13:45 24-10-2012, Daniel Stenberg wrote:
The Most Dangerous Code in the World: Validating SSL Certificates in
Non-Browser Software is a report from 6 authors I noticed today:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
cURL is also
cURL is also mentioned in the FAQ at
https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
This is the quote from the FAQ
Q: How do I use cURL securely?
A: CURLOPT_SSL_VERIFYPEER must be set to TRUE, CURLOPT_SSL_VERIFYHOST must be
left to its default value or set to 2.
On Thu, 25 Oct 2012, Yehezkel Horowitz wrote:
As to what we can do to make cURL even better (in order to protect
unprofessional users that don't know what they are doing), We could make '1'
to act as '2' (verify peer identity), and add a special magic value (i.e.
27934) that will act as
As to what we can do to make cURL even better (in order to protect
unprofessional users that don't know what they are doing), We could make '1'
to act as '2' (verify peer identity), and add a special magic value (i.e.
27934) that will act as todays '1' (check for CN existence but don't
On Thu, 25 Oct 2012, JALINDAR wrote:
I got to know how to open know socket number using CURLOPT_LOCALPORT but how
to wait on this socket?
libcurl opens its own sockets normally. CURLOPT_LOCALPORT is used to make
libcurl bind the local end of the socket to a specific port.
Use the multi /
On Thu, Oct 25, 2012 at 07:28:28PM +0800, JALINDAR wrote:
Then how to get at least opened socket for handle by libcurl.as i
have to send this port number to the server
This is obviously not for one of the standard protocols that libcurl
supports, then. There is a way to get the
Daniel Stenberg in gmane.comp.web.curl.library (Wed, 24 Oct 2012
22:45:17 +0200 (CEST)):
From what I understand, the single reason behind that statement is that we
have the CURLOPT_SSL_VERIFY HOST option which takes a three-value option and
not just a boolean. The authors found several source
It's made it to slashdot
http://it.slashdot.org/story/12/10/25/2020223/ssl-holes-found-in-critical-non-browser-software
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html