Please note that the tlslite the dependency has been removed from
Electrum since version 2.4.1.
The only part of tlslite that was used in Electrum was the RSA
implementation; it is now added to the electrum lib.
Thomas
Le 03/08/2015 21:50, Tristan Seligmann a écrit :
>
> However, the primary issue is still dealing with tlslite somehow: I do not
> think the FTP masters / security team will be happy with me distributing an
> embedded copy of tlslite in the electrum package, and I don't feel
> comfortable maintain
On 08/03/2015 10:41 AM, Tristan Seligmann wrote:
> In addition,
> quite a bit of the certificate handling code does things incorrectly
> (see eg. the certificate chain verification code[1] that does not
> check the certificate purpose, allowing anyone with a valid cert to
> sign a fraudulent cert a
On 08/03/2015 10:41 AM, Tristan Seligmann wrote:
> Unfortunately there are some significant challenges with 2.0+. The
> primary issue is the dependency on tlslite, which was removed from
> Debian previously due to being insecure and unmaintained. In addition,
> quite a bit of the certificate handli
4 matches
Mail list logo
