[sword-devel] MiTM

Greg Hellings greg.hellings at gmail.com
Sun Sep 18 10:55:23 MST 2016


https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html

Is curlhttpt.c used for HTTPS? I don't have the source in front of me, but
that name suggests it is only for the raw HTTP connection.

--Greg

On Sep 18, 2016 12:05 PM, "DM Smith" <dmsmith at crosswire.org> wrote:

> I'll look into it.
>
>
> On Sep 18, 2016, at 11:20 AM, Jaak Ristioja <jaak at ristioja.ee> wrote:
>
> Hi!
>
> In src/mgr/curlhttpt.cpp:
>
>    /* Disable checking host certificate */
>    curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, false);
>
> Why? Afaik this allows the use of self-signed certificates for MiTM.
>
> Best regards,
> J
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.crosswire.org/pipermail/sword-devel/attachments/20160918/ec9f05da/attachment.html>


More information about the sword-devel mailing list