Op 30/11/13 10:41, Daniel Stenberg schreef:
> CVE-2013-4545 is a real if even rather miniscule risk to a small set of
> programs. In fact I only know of one that is affected.
I now (better) understand the motivations for the change. I personally
rate this as a security through obscurity solution which in effect does
add something.
I just hope nobody sees the new fix as an opportunity to leverage a
wider disabling of the peer cert check.
my 2cts,
Oscar
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
