[sword-devel] MiTM
Jaak Ristioja
jaak at ristioja.ee
Sun Sep 18 11:02:53 MST 2016
Looking at the source it looks more like its used for FTP instead :)
https://github.com/bibletime/crosswire-sword-mirror/blob/trunk/src/mgr/curlhttpt.cpp
J
On 18.09.2016 20:55, Greg Hellings wrote:
> https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
>
> Is curlhttpt.c used for HTTPS? I don't have the source in front of me,
> but that name suggests it is only for the raw HTTP connection.
>
> --Greg
>
>
> On Sep 18, 2016 12:05 PM, "DM Smith" <dmsmith at crosswire.org
> <mailto:dmsmith at crosswire.org>> wrote:
>
> I'll look into it.
>
>
> On Sep 18, 2016, at 11:20 AM, Jaak Ristioja <jaak at ristioja.ee
> <mailto:jaak at ristioja.ee>> wrote:
>
>> Hi!
>>
>> In src/mgr/curlhttpt.cpp:
>>
>> /* Disable checking host certificate */
>> curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, false);
>>
>> Why? Afaik this allows the use of self-signed certificates for MiTM.
>>
>> Best regards,
>> J
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> <mailto:sword-devel at crosswire.org>
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> <http://www.crosswire.org/mailman/listinfo/sword-devel>
>> Instructions to unsubscribe/change your settings at above page
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> <mailto:sword-devel at crosswire.org>
> http://www.crosswire.org/mailman/listinfo/sword-devel
> <http://www.crosswire.org/mailman/listinfo/sword-devel>
> Instructions to unsubscribe/change your settings at above page
>
>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
More information about the sword-devel
mailing list