cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: CVE-2013-4545 and GnuTLS backend

From: Oscar Koeroo <okoeroo_at_nikhef.nl>
Date: Sat, 30 Nov 2013 10:56:25 +0100

Op 30/11/13 10:41, Daniel Stenberg schreef:
> CVE-2013-4545 is a real if even rather miniscule risk to a small set of
> programs. In fact I only know of one that is affected.

I now (better) understand the motivations for the change. I personally
rate this as a security through obscurity solution which in effect does
add something.

I just hope nobody sees the new fix as an opportunity to leverage a
wider disabling of the peer cert check.

my 2cts,

Oscar
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-11-30

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: CVE-2013-4545 and GnuTLS backend"
Previous message: Daniel Stenberg: "Re: CVE-2013-4545 and GnuTLS backend"
In reply to: Daniel Stenberg: "Re: CVE-2013-4545 and GnuTLS backend"
Next in thread: Daniel Stenberg: "Re: CVE-2013-4545 and GnuTLS backend"
Reply: Daniel Stenberg: "Re: CVE-2013-4545 and GnuTLS backend"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]