jrd/irssi
1
0
Fork 0
forked from PsychoticNinja/irssi
Code Issues Pull Requests Projects Releases Wiki Activity

Warn people about the lack of certificate verification in the gnutls

Browse Source 
code.


git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3863 dbcabf3a-b0e7-0310-adc4-f8d773084564
This commit is contained in:
dpash 2005-07-17 16:40:28 +00:00
parent a72e65d9ed
commit 9d609752be
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
debian/NEWS.Debian vendored Normal file
View File

@ -0,0 +1,12 @@
irssi (0.8.10~rc5-1) unstable; urgency=low
* This package has the beginnings of GNUTLS support for SSL rather
than the upstream OpenSSL code. This may have many bugs in and is
not feature complete. In particular it does not support verification
of the server's certificate. As a result the connection is vunerable
to man in the middle attack. This is only a regression if you use
the -cafile or -capath options to /connect. The data is still
encrypted.
-- David Pashley <david@davidpashley.com> Sun, 17 Jul 2005 19:39:37 +0300