On Mon, 29 Oct 2012, Alessandro Ghedini wrote:
Anyway, I just run a quick grep on all the sources of the packages that build depend on libcurl and those that explicitly set CURLOPT_SSL_VERIFYPEER are very few, even less those that set it to 1 (possibily 5-6). This said I still have to check those that use php5-curl, pycurl, ... (but there aren't many).
Remember that these occurances may very well be actual security vulnerabilities...
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
