git.ipfire.org Git - thirdparty/freeswitch.git/commit
Add warning when using HTTPS with mod_curl
author Travis Cross <tc@traviscross.com>
Thu, 21 Aug 2014 22:17:35 +0000 (22:17 +0000)
committer Travis Cross <tc@traviscross.com>
Thu, 21 Aug 2014 22:24:04 +0000 (22:24 +0000)
commit b2f59dd2003d8323108c249ce6fb5016eba6b5ed
tree 00bf3b6ca12776c8de09ad6bca1d3fad709dcb98
parent 6d1469d2fbf0053042cca5edf2cb0a2ced325503
Add warning when using HTTPS with mod_curl

mod_curl currently does not verify the authenticity of the peer's
certificate, and does not verify whether the common name on the
certificate matches the server.  This makes mod_curl initiated TLS
connections completely insecure.  We should fix this, but until we do,
we'll warn people that it's not doing what they may think it is.

ref: http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
ref: http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
src/mod/applications/mod_curl/mod_curl.c
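
An added example, not part of this commit or of FreeSWITCH: a small source audit that locates the two libcurl options the commit message references and reports any call that sets them to a literal other than libcurl's documented defaults (1 for `CURLOPT_SSL_VERIFYPEER`, 2 for `CURLOPT_SSL_VERIFYHOST`). The sample C text is constructed for illustration and is not mod_curl's actual code; the function names `audit` and `c_int` are hypothetical.

```python
import re

# curl_easy_setopt(<handle>, CURLOPT_SSL_VERIFYPEER|VERIFYHOST, <value>);
SETOPT = re.compile(
    r"curl_easy_setopt\s*\(\s*[^,]+,\s*"
    r"CURLOPT_SSL_VERIFY(PEER|HOST)\s*,\s*([^;]+?)\s*\)\s*;"
)
# libcurl's documented defaults, i.e. the values with both checks enabled.
REQUIRED = {"PEER": 1, "HOST": 2}


def c_int(value):
    """Parse a C integer literal such as 0, 1L or (long)2; None otherwise."""
    m = re.fullmatch(r"(?:\(\s*long\s*\)\s*)?(\d+)[uUlL]*", value)
    return int(m.group(1)) if m else None


def audit(source):
    """Return (line, option, value, verdict) for each verification setopt."""
    findings = []
    for m in SETOPT.finditer(source):
        kind, raw = m.group(1), m.group(2)
        line = source.count("\n", 0, m.start()) + 1
        value = c_int(raw)
        if value is None:
            verdict = "review"   # set from a variable or expression
        elif value == REQUIRED[kind]:
            verdict = "ok"
        else:
            verdict = "finding"  # literal that is not the enabling value
        findings.append((line, "CURLOPT_SSL_VERIFY" + kind, raw, verdict))
    return findings


# Constructed sample input, not mod_curl's actual source.
SAMPLE = """\
CURL *h = curl_easy_init();
curl_easy_setopt(h, CURLOPT_URL, url);
curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(h,
                 CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(h2, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(h2, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(h3, CURLOPT_SSL_VERIFYPEER, verify_flag);
"""

if __name__ == "__main__":
    for line, option, raw, verdict in audit(SAMPLE):
        print(f"line {line}: {option} = {raw} -> {verdict}")
```

The match is textual, so commented-out calls and calls hidden behind macros need a manual look. A file with no matches leaves both options at libcurl's defaults, which enable verification.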