Re: SSL is broken on FreeBSD

Board: FB_security, Posted: 2011/04/05 04:01
On Fri, Apr 01, 2011 at 03:32:51PM +0100, István wrote:
> FreeBSD ships OpenSSL but it is broken because there is no CA. Right,
> it is like shipping a car without wheels, I suppose.

While I agree somewhat with your sentiment, SSL is not necessarily broken without CA certificates, as it's completely possible to do TOFU verification ala SSH.

However, I think it's an appropriate time to mention again that there is at least one place in base that does indeed have broken SSL support, namely libfetch. To do SSL properly, you can do CA certificate verification or you can do TOFU, but libfetch still accepts any certificate it encounters, without user warning.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
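The SSH-style TOFU check mentioned in the message above, as an added example (not part of the original post, and not libfetch or OpenSSL code). The store format, file name and function names are assumptions made for illustration; the certificate bytes are constructed stand-ins for the DER a client would get from its TLS library, for instance `ssl.SSLSocket.getpeercert(binary_form=True)` in Python.

```python
import hashlib
import hmac
import os
import tempfile

def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der).hexdigest()

def load_pins(path: str) -> dict:
    """Parse 'host:port fingerprint' lines; malformed lines are ignored."""
    pins = {}
    if os.path.exists(path):
        with open(path, encoding="ascii") as fh:
            for line in fh:
                fields = line.split()
                if len(fields) == 2:
                    pins[fields[0]] = fields[1]
    return pins

def check(path: str, host: str, port: int, der: bytes):
    """Return (status, fingerprint); status is 'new', 'match' or 'mismatch'."""
    seen = fingerprint(der)
    pinned = load_pins(path).get(f"{host}:{port}")
    if pinned is None:
        return "new", seen        # caller shows the fingerprint and asks the user
    if hmac.compare_digest(pinned, seen):
        return "match", seen
    return "mismatch", seen       # caller must abort, never re-pin silently

def pin(path: str, host: str, port: int, der: bytes) -> None:
    """Record a certificate the user accepted; the file is created 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{host}:{port} {fingerprint(der)}\n")

def demo():
    """First contact, a repeat visit, then a changed certificate."""
    cert_a = b"constructed stand-in for certificate A (DER)"
    cert_b = b"constructed stand-in for certificate B (DER)"
    with tempfile.TemporaryDirectory() as d:
        store = os.path.join(d, "known_certs")  # hypothetical store file name
        first = check(store, "example.org", 443, cert_a)[0]
        pin(store, "example.org", 443, cert_a)
        again = check(store, "example.org", 443, cert_a)[0]
        changed = check(store, "example.org", 443, cert_b)[0]
    return [first, again, changed]

if __name__ == "__main__":
    print(demo())
```

The "mismatch" branch is the one a client that accepts any certificate never reaches: a changed certificate on a known host has to stop the transfer, as a changed host key does in SSH.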