[23759] in bugtraq
Re: IE https certificate attack
daemon@ATHENA.MIT.EDU (Jim Knoble)
Tue Jan 8 17:28:32 2002
Date: Mon, 7 Jan 2002 18:22:02 -0500
From: Jim Knoble <jmknoble@pobox.com>
To: bugtraq@securityfocus.com
Message-ID: <20020107182202.Q9973@zax.half.pint-stowp.cx>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="hIO1AjEoFJ7b3ahE"
Content-Disposition: inline
In-Reply-To: <20020106090423.GO12975@muppet.faveve.uni-stuttgart.de>; from delta@FaVeVe.Uni-Stuttgart.de on Sun, Jan 06, 2002 at 10:04:23AM +0100
--hIO1AjEoFJ7b3ahE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Circa 2002-Jan-06 10:04:23 +0100 dixit Helmut Springer:
: On 03 Jan 2002 at 15:04 +0100, K.J.Mueller@EnBW.com wrote:
: > - w3m 0.1.11-pre
:=20
: Curent is w3m-0.2.3.2 and ssl_verify_server was added 2000.4.21.
Yes, but as of w3m-0.2.4, SSL server verification is disabled at
compile-time by default. It's necessary to explicitly enable it,
either by using the interactive mode of the configure script, or by
#defining USE_SSL_VERIFY in config.h after a non-interactive configure
ande before compiling.
You can check whether your w3m has SSL server verification enabled
using:
w3m -version
If "ssl-verify" appears in the version output, then w3m has SSL server
verification enabled.
And even if SSL server verification is enabled, it's not turned on by
default. You can turn it on via w3m's options screen (press 'o'
[lowercase letter Oh]).
--=20
jim knoble | jmknoble@pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
--hIO1AjEoFJ7b3ahE
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (Linux)
Comment: See http://www.pobox.com/~jmknoble/keys/ for my public key.
iEYEARECAAYFAjw6LZoACgkQKJ/qqBOBFJHomACfX5kMNFnIgTfQMyxM9L7r7X4P
m8wAnR6dnyfsG9Fds7ZJ5jhN1iHb4bmz
=IvGQ
-----END PGP SIGNATURE-----
--hIO1AjEoFJ7b3ahE--
