[Dillo-dev] how about if we make a 3.0.5
eocene at gmx.com
Fri Jun 12 23:43:34 CEST 2015
> SSL3 and compression are not the main issue.
> HTTPS in dillo is completely broken because it does not check for domain
> name in the certificate.
> hg tip has checking code copied from wget and current dillo release has
> no code for it at all. It means that Dillo accepts any valid certificate
> as a certificate for, let's say, gmail. You can get one from StartSSL
> for free and test, it works.
Right, I hadn't wanted to do any real New Work for 3.0.5 that would require
a somewhat higher level of scrutiny and testing, but all right, I'll take
a look at gluing that stuff into the https dpi.
More information about the Dillo-dev