cURL / Mailing Lists / curl-library / Single Mail


Re: CVE-2013-4545 and GnuTLS backend

From: Oscar Koeroo <>
Date: Sat, 30 Nov 2013 10:56:25 +0100

Op 30/11/13 10:41, Daniel Stenberg schreef:
> CVE-2013-4545 is a real if even rather miniscule risk to a small set of
> programs. In fact I only know of one that is affected.

I now (better) understand the motivations for the change. I personally
rate this as a security through obscurity solution which in effect does
add something.

I just hope nobody sees the new fix as an opportunity to leverage a
wider disabling of the peer cert check.

my 2cts,

List admin:
Received on 2013-11-30