Message71586
I would think most people/applications want to know to which host they
are talking to. The reason I am advocating adding a default check to the
stdlib is because this is IMO important for security, and it is easy to
get it wrong (I don't think I have it 100% correct in M2Crypto either,
although I believe it errs on the side of caution). I believe it would
be a disservice to ship something that effectively teaches developers to
ignore security (like the old socket.ssl does).
A TLS extension also allows SSL vhosts, so static IPs are no longer
strictly necessary (this is not universally supported yet, though). |
|
Date |
User |
Action |
Args |
2008-08-20 22:52:16 | heikki | set | recipients:
+ heikki, janssen, vila, ahasenack |
2008-08-20 22:52:15 | heikki | set | messageid: <1219272735.73.0.805807230774.issue1589@psf.upfronthosting.co.za> |
2008-08-20 22:52:15 | heikki | link | issue1589 messages |
2008-08-20 22:52:14 | heikki | create | |
|