Re: [VOTE] TLS Peer Verification

From:	Joe Watkins	Date:	Tue, 17 Dec 2013 16:23:08 +0000
Subject:	Re: [VOTE] TLS Peer Verification
References:	1 2 3 4 5 6 7 8 9	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On 12/17/2013 04:06 PM, Andrea Faulds wrote:


On 17/12/13 11:51, Joe Watkins wrote:
     I'm saying that we should, definitely, accept the patch; in this
specific case we can fix the implementation or security issue without
affecting behaviour,

Unfortunately that's not true. To fix the security issue REQUIRES
affecting behaviour. Otherwise it's not fixed.


If the CA file is present with verification enabled the vast majority of requests will execute as they do now, but securely. Most of the time, no evident change. If the CA file is not present change is introduced, lots of it.

Changing the behaviour of the language from an internals perspective does not and should not mean changing the behaviour of code unless that is the intention behind the change, obviously.

Cheers
Joe


   

Thread (29 messages)

• Daniel LowreyTue, 17 Dec 2013 01:08:15 +0000
  • Stas MalyshevTue, 17 Dec 2013 01:42:15 +0000
    • Daniel LowreyTue, 17 Dec 2013 02:03:40 +0000
      • Joe WatkinsTue, 17 Dec 2013 08:01:38 +0000
        • Ferenc KovacsTue, 17 Dec 2013 10:58:41 +0000
          • Joe WatkinsTue, 17 Dec 2013 11:27:13 +0000
            • Ferenc KovacsTue, 17 Dec 2013 11:40:30 +0000
              • Joe WatkinsTue, 17 Dec 2013 11:51:55 +0000
                • Andrea FauldsTue, 17 Dec 2013 16:06:33 +0000
                  • Joe WatkinsTue, 17 Dec 2013 16:23:08 +0000
                    • Ferenc KovacsTue, 17 Dec 2013 17:43:08 +0000
                      • Pierre JoyeTue, 17 Dec 2013 21:16:20 +0000
          • Daniel LowreyTue, 17 Dec 2013 12:08:55 +0000
            • Daniel LowreyTue, 17 Dec 2013 12:10:06 +0000
            • Joe WatkinsTue, 17 Dec 2013 12:21:57 +0000
              • Ferenc KovacsTue, 17 Dec 2013 12:36:15 +0000
                • Daniel LowreyTue, 17 Dec 2013 13:19:36 +0000
                  • Ferenc KovacsTue, 17 Dec 2013 13:56:07 +0000
                    • Rasmus LerdorfTue, 17 Dec 2013 14:02:39 +0000
                      • Ferenc KovacsTue, 17 Dec 2013 14:06:53 +0000
                        • Andrea FauldsTue, 17 Dec 2013 16:08:53 +0000
                      • Joe WatkinsTue, 17 Dec 2013 14:21:28 +0000
                        • Andrea FauldsTue, 17 Dec 2013 16:10:41 +0000
                    • Daniel LowreyTue, 17 Dec 2013 14:05:16 +0000
                • Joe WatkinsTue, 17 Dec 2013 13:44:44 +0000
  • Daniel LowreyWed, 01 Jan 2014 18:11:50 +0000Re: [VOTE] TLS Peer Verification