Re: [libgadu-devel] How to Report a Security Bug in libgadu
2013/6/15 Wojtek Kaniewski : > Dnia 2013-06-07, pią o godzinie 01:55 +0200, Bartosz Brachaczek pisze: >> So the functions of interest are: >> a) for OpenSSL: >> -- SSL_CTX_set_default_verify_paths() to use CA cert store configured >> during OpenSSL's build > > Does this function also verify the host name? It seems that it doesn't > but I'd like to be sure before I start looking into it. Yeah, you're right. It doesn't. --Bartosz ___ libgadu-devel mailing list libgadu-devel@lists.ziew.org http://lists.ziew.org/mailman/listinfo/libgadu-devel
Re: [libgadu-devel] How to Report a Security Bug in libgadu
Dnia 2013-06-07, pią o godzinie 01:55 +0200, Bartosz Brachaczek pisze: > So the functions of interest are: > a) for OpenSSL: > -- SSL_CTX_set_default_verify_paths() to use CA cert store configured > during OpenSSL's build Does this function also verify the host name? It seems that it doesn't but I'd like to be sure before I start looking into it. Regards, Wojtek ___ libgadu-devel mailing list libgadu-devel@lists.ziew.org http://lists.ziew.org/mailman/listinfo/libgadu-devel