cURL / Mailing Lists / curl-library / Single Mail


Re: Fraudulent Certificates

From: Kamil Dudka <>
Date: Thu, 24 Mar 2011 23:00:16 +0100

On Thursday 24 March 2011 09:22:58 Daniel Stenberg wrote:
> There's this incident that has been talked about the last couple of days
> where "an attacker" managed to get several fraudulent SSL certificates for
> public websites.
> Chrome and Firefox now both block these certificates explicitly.
> I assume there's reason for us to consider doing the same, to protect our
> users who might use libcurl to access such sites.
> I'll appreciate feedback and ideas.

As for NSS-powered libcurl, this is going to be addressed at the NSS level:

List admin:
Received on 2011-03-24