On Thursday 24 March 2011 09:22:58 Daniel Stenberg wrote: > There's this incident that has been talked about the last couple of days > where "an attacker" managed to get several fraudulent SSL certificates for > public websites. > > Chrome and Firefox now both block these certificates explicitly. > > I assume there's reason for us to consider doing the same, to protect our > users who might use libcurl to access such sites. > > I'll appreciate feedback and ideas.
As for NSS-powered libcurl, this is going to be addressed at the NSS level: http://www.listware.net/201103/dev-tech-crypto/58508-announcing-a-nss-release-for-blocking-fraudulent-certificates.html https://bugzilla.mozilla.org/show_bug.cgi?id=642815 Kamil ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
