On Wed, Nov 28, 2007 at 07:47:52AM +0100, paranoid paranoia wrote:
> actually... that's more like a quick hack that happens to work for me,
> since i set CURLOPT_SSL_VERIFYPEER to 0 after having spent a
> few hours trying to force curl to *not* make any checks. ideally, if
> the cipher spec only alllows anonymous key exchange or pre-shared
> keys, one shouldn't have to explicitly disable peer verification...

I'm not so sure about that. Would that allow a man-in-the-middle attack to
take place? The middleman would only need to use an anonymous key
and the user would never know he wasn't connected to the desired server.

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved