mirror of
https://github.com/irssi/irssi.git
synced 2024-11-03 04:27:19 -05:00
Warn people about the lack of certificate verification in the gnutls
code. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3863 dbcabf3a-b0e7-0310-adc4-f8d773084564
This commit is contained in:
dpash
parent
a72e65d9ed
commit
9d609752be
12
debian/NEWS.Debian
vendored
Normal file
12
debian/NEWS.Debian
vendored
Normal file
@ -0,0 +1,12 @@
|
||||
irssi (0.8.10~rc5-1) unstable; urgency=low
|
||||
|
||||
* This package has the beginnings of GNUTLS support for SSL rather
|
||||
than the upstream OpenSSL code. This may have many bugs in and is
|
||||
not feature complete. In particular it does not support verification
|
||||
of the server's certificate. As a result the connection is vunerable
|
||||
to man in the middle attack. This is only a regression if you use
|
||||
the -cafile or -capath options to /connect. The data is still
|
||||
encrypted.
|
||||
|
||||
-- David Pashley <david@davidpashley.com> Sun, 17 Jul 2005 19:39:37 +0300
|
||||
|
||||
Loading…
Reference in New Issue
Block a user