Only available when logged in.

**daniel:// stenberg://** @bagder@mastodon.social · Feb 11

daniel:// stenberg:// @bagder@mastodon.social

"disabling cert checks: we have not learned much"

I put my ramblings into a blog post

**daniel:// stenberg://** @bagder@mastodon.social · Feb 12

daniel:// stenberg:// @bagder@mastodon.social

Dominik @chrastecky@phpc.social

@bagder Heh, I know exactly which deleted Mastodon post triggered that rant, it was the first thing I noticed in the code, too.

**daniel:// stenberg://** @bagder@mastodon.social · Feb 12

daniel:// stenberg:// @bagder@mastodon.social

@chrastecky it is a little "weak" to have that post deleted I must confess...

**Dominik** @chrastecky · Feb 12

Dominik @chrastecky

@bagder Yep, though they've at least fixed the CURLOPT_SSL_VERIFYPEER, so it wasn't all for nothing.

The CURLOPT_SSL_VERIFYHOST stayed at false (coerced to 0), though, but I feel it's the lesser evil of the two (would that be a correct conclusion?).

**daniel:// stenberg://** @bagder@mastodon.social · Feb 12

daniel:// stenberg:// @bagder@mastodon.social

@chrastecky without verifying the name, someone can use a legit cert from site A for site B without that being noticed

**Dominik** @chrastecky · Feb 12

Dominik @chrastecky

@bagder Yeah, I understood it that way.

Drag & drop to upload

Back