Bugtraq mailing list archives
Re: IE https certificate attack
From: Jim Knoble <jmknoble () pobox com>
Date: Mon, 7 Jan 2002 18:22:02 -0500
Circa 2002-Jan-06 10:04:23 +0100 dixit Helmut Springer: : On 03 Jan 2002 at 15:04 +0100, K.J.Mueller () EnBW com wrote: : > - w3m 0.1.11-pre : : Curent is w3m-0.2.3.2 and ssl_verify_server was added 2000.4.21. Yes, but as of w3m-0.2.4, SSL server verification is disabled at compile-time by default. It's necessary to explicitly enable it, either by using the interactive mode of the configure script, or by #defining USE_SSL_VERIFY in config.h after a non-interactive configure ande before compiling. You can check whether your w3m has SSL server verification enabled using: w3m -version If "ssl-verify" appears in the version output, then w3m has SSL server verification enabled. And even if SSL server verification is enabled, it's not turned on by default. You can turn it on via w3m's options screen (press 'o' [lowercase letter Oh]). -- jim knoble | jmknoble () pobox com | http://www.pobox.com/~jmknoble/ (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
Attachment:
_bin
Description:
Current thread:
- AW: IE https certificate attack K . J . Mueller (Jan 05)
- Re: AW: IE https certificate attack Florian Weimer (Jan 07)
- Re: IE https certificate attack Helmut Springer (Jan 07)
- Re: IE https certificate attack Jim Knoble (Jan 08)
- Re: AW: IE https certificate attack Ben Laurie (Jan 07)
- Re: AW: IE https certificate attack George Staikos (Jan 07)