cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: "The Most Dangerous Code in the World"

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 29 Oct 2012 22:46:48 +0100 (CET)

On Mon, 29 Oct 2012, Alessandro Ghedini wrote:

> Anyway, I just run a quick grep on all the sources of the packages that
> build depend on libcurl and those that explicitly set CURLOPT_SSL_VERIFYPEER
> are very few, even less those that set it to 1 (possibily 5-6). This said I
> still have to check those that use php5-curl, pycurl, ... (but there aren't
> many).

Remember that these occurances may very well be actual security
vulnerabilities...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2012-10-29