> When downloading ICS and the OpenSSL binaries you provide, I've > never been able to find any sig, sha, or md5 files for checking > authenticity.
ICS itself is source code, so in theory is not a security risk. We don't provide any authentication for our builds of the OpenSSL tools because no-one has ever asked, and we don't have the means to easily automate it. Doing so would involve time better spent supporting ICS. You don't have to use the ICS build OpenSSL tools, there are other Windows versions out there you can use instead. One thing that could be done with a new command batch file is to digitally sign the OpenSSL DLLs, which you can already do for your own customers. But ICS does have an authenticode certificate and is not a company so might have trouble actually buying one (they are expensive) so they'd probably need to be signed by my company as Magenta Systems Ltd. But at least that would protect against tampering. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be