On 31/10/2016 19:00, rich...@quicksilvercollectibles.com wrote:
I cannot say I know for a fact these binaries came from the original source code or aren't otherwise tampered with. The original OpenSSL files you downloaded were signed. Then you don't sign. Then I do sign. You're sort of a broken link in the security chain.
You can only be sure the binaries are fine, and the result of the original source code, if you build them yourself and the system where you build them is clean. Providing the hash files for the ICS downloads is not a complicated thing, but will only grant you the download wasn't tampered, by a MiM attack (having HTTPS access on overbyte.be would reduce this possibility), while downloading.
-- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be