← Back to index | Original Bugzilla link

Bug 9355 – [security] SSL certificate signature verification disabled in std.net.curl

Status: RESOLVED
Resolution: FIXED
Severity: regression
Priority: P2
Component: phobos
Product: D
Version: D2
Platform: All
OS: All
Creation time: 2013-01-19T12:02:00Z
Last change time: 2013-01-31T21:52:22Z
Assigned to: nobody
Creator: code

Comments

Comment #0 by code — 2013-01-19T12:02:41Z

See the discussion in https://github.com/D-Programming-Language/phobos/pull/1076. The commit changes the HTTP-related functions in std.net.curl to no longer verify the signature on the host certificate, rendering any D program using them susceptible to man-in-the-middle attacks.

Comment #1 by braddr — 2013-01-31T21:52:22Z

Fixed in https://github.com/D-Programming-Language/phobos/pull/1091