#9086: Check SSL lib for vulnerability ---------------------------+------------------------------- Reporter: andrewz | Owner: nobody Type: enhancement | Status: closed Priority: normal | Milestone: R1 Component: - General | Version: R1/alpha3 Resolution: fixed | Keywords: SSL vulnerability Blocked By: | Blocking: Has a Patch: 0 | Platform: All ---------------------------+------------------------------- Comment (by pulkomandy): http://web.archive.org/web/20121127051829/http://threatpost.com/en_us/blogs /ssl-vulnerabilities-found-critical-non-browser-software-packages-102512 This is a well-known problem with OpenSSL, if nothing special is done it will accept any certificate without checking. BSecureSocket enables certificate checking, and cals a callback when the certificate can't be validated. The default implementation of the callback is to continue anyway. Applications which need a secure connection must override the callback and act as appropriate. -- Ticket URL: <https://dev.haiku-os.org/ticket/9086#comment:5> Haiku <https://dev.haiku-os.org> Haiku - the operating system.