On Sun, 28 Oct 2012, Yehezkel Horowitz wrote:
I thus suggest we simply ban 1 as a value in an upcoming release. This will
fource users to use 2 instead and when copying such code back to older
libcurl-using code that will improve the code running there as well!
You can't force users to use 2, since if they are not reading the documents,
they might also ignore the return code (I'm not sure which mistake is worse
;-).
Correct. But since 2 is already the default, setting an illegal value and
ignoring the return code will make 2 remain set...
I suggest turning on the bit 'data->set.ssl.verifyhost' in case we got '1'
as argument (yet return the error code) to keep the code secure.
Yes, that's basically what happens with my suggested patch.
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
