Dear Gobby users, libinfinity 0.6.6 has been released. This is a bugfix release in the 0.6.x series. It fixes a problem where a server's certificate would silently be accepted even though it failed verification if no certificate pinning is performed, i.e. the hostname matches and its CA is trusted. A potential client-side crash is also fixed which occured when a server is shut down while still being connected. It is recommended that all users update to this new version of libinfinity.
c65f9f13f17afb4db2ec8cfaf5f01ce5 libinfinity-0.6.6.tar.gz Kind regards, Armin Burgmeier, 0x539 dev group libinfinity 0.6.6: * Fix certificates being only verified for expiration and other criteria such as weak algorithms if the CA is not trusted. (gobby #61) * Fix some assertion failures and inconsistencies in InfTextFixlineBuffer. * Fix a client-side crash when the server shuts down ordinarily while still connected. [1] http://releases.0x539.de/libinfinity/libinfinity-0.6.6.tar.gz
signature.asc
Description: This is a digitally signed message part
