On Sat, May 26, 2018 at 5:39 PM, <[email protected]> wrote:
>>> That's a crime against security!
>>
>> Say what?
>
> That’s a hyperbole. The thing is that when you don’t verify the peer’s
> certificate, then you’re vulnerable to MitM attack with fake certificate
> injection. The whole SSL/TLS is totally useless in that moment. It’s more or
> less like putting the door’s key under the carpet right in front of the
> door.
>
> Allowing to bypass/ignore certificate verification is ok-ish in some
> situations, but only when the user does it consciously, using explicit option
> such as --no-check-certificate, not silently as the default option.

wget.c:

//config: If you still think this is unacceptable, send patches.
//config:
//config: If you still think this is unacceptable, do not want to send
//config: patches, but do want to waste bandwidth explaining how wrong
//config: it is, you will be ignored.

_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
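
The policy argued for in the quoted text (verify by default, skip only on an explicit `--no-check-certificate`), as an added example that is not part of the original thread or of BusyBox's code. The tool name `fetch` and the functions `build_tls_context` and `mitm_exposure` are hypothetical, and Python's standard `ssl` module stands in for the client's TLS library.

```python
import argparse
import ssl


def build_tls_context(argv):
    """Return (context, warnings) for a downloader's command line.

    Verification stays on unless the user passes --no-check-certificate.
    """
    parser = argparse.ArgumentParser(prog="fetch")  # hypothetical tool name
    parser.add_argument("--no-check-certificate", action="store_true")
    parser.add_argument("url")
    args = parser.parse_args(argv)

    # Secure default: chain validation against the system trust store
    # plus hostname matching.
    ctx = ssl.create_default_context()
    warnings = []
    if args.no_check_certificate:
        # Order matters: check_hostname must be cleared before CERT_NONE,
        # otherwise the ssl module raises ValueError.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        warnings.append("certificate verification disabled by user; "
                        "peer identity is NOT authenticated")
    return ctx, warnings


def mitm_exposure(ctx):
    """List the reasons a context would accept a forged certificate."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not validated")
    if not ctx.check_hostname:
        problems.append("certificate is not matched against the hostname")
    return problems


if __name__ == "__main__":
    # Constructed command lines; no network connection is made.
    for argv in (["https://example.org/file"],
                 ["--no-check-certificate", "https://example.org/file"]):
        ctx, warnings = build_tls_context(argv)
        print(argv, "->", mitm_exposure(ctx) or "verified", warnings)
```
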
