cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: "The Most Dangerous Code in the World"

From: Alessandro Ghedini <al3xbio_at_gmail.com>
Date: Tue, 6 Nov 2012 21:21:11 +0100

On Mon, Oct 29, 2012 at 09:43:08PM +0100, Alessandro Ghedini wrote:
> Anyway, I just run a quick grep on all the sources of the packages that build
> depend on libcurl and those that explicitly set CURLOPT_SSL_VERIFYPEER are very
> few, even less those that set it to 1 (possibily 5-6). This said I still have to
> check those that use php5-curl, pycurl, ... (but there aren't many).

Btw, today the new Debian Code Search service was launched [0] and of course
the first search I've done is [1] and then [2]. The interface is not optimal
as of now, but at least you don't have to download all the source packages.

Also, I've almost finished looking into the suspect Debian packages. I just
need to check the last few packages and put the whole data into a nice format.

Cheers

[0] http://codesearch.debian.net/
[1] http://codesearch.debian.net/search?q=CURLOPT_SSL_VERIFYHOST
[2] http://codesearch.debian.net/search?q=CURLOPT_SSL_VERIFYHOST%2C+1

-- 
perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2012-11-06