Closed schuetzm closed 6 years ago
Hello,
Thanks for report. This change will probably break some clients, but looks like you are right, it should be enabled by default.
чт, 19 Апр 2018 г., 12:55 Marc Schütz notifications@github.com:
Going by the source documentation ( https://github.com/ikod/dlang-requests/blob/master/source/requests/request.d#L185), it seems sslSetVerifyPeer() is off by default. Needless to say, this is a very bad idea from a security POV. Please make sure the default is true.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ikod/dlang-requests/issues/72, or mute the thread https://github.com/notifications/unsubscribe-auth/ABNuSepl0TkL6YGH_uqhWphwg9Y-aLLYks5tqF8WgaJpZM4TbfZ6 .
Hello, @schuetzm
Fix is on github master. please check, and if it is ok, I'll make new release.
the readme still shows sslSetVerifyPeer(true)
in the example and implicitly suggests that it is off by default, making most people who don't read further think it's disabled by default.
Hello @WebFreak001
Now all ssl related options explicitly listed and example fixed in README.md.
Thanks for report!
Going by the source documentation (https://github.com/ikod/dlang-requests/blob/master/source/requests/request.d#L185), it seems
sslSetVerifyPeer()
is off by default. Needless to say, this is a very bad idea from a security POV. Please make sure the default istrue
.