summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordpash <dpash@dbcabf3a-b0e7-0310-adc4-f8d773084564>2005-07-17 16:40:28 +0000
committerdpash <dpash@dbcabf3a-b0e7-0310-adc4-f8d773084564>2005-07-17 16:40:28 +0000
commit9d609752be72d093c942e53064333440b30105e5 (patch)
tree4720d89c0bfbdfe1957fa087d83ecbc619212747
parenta72e65d9edc7bcc056dc8be8828f0bd9dd9dbb7c (diff)
downloadirssi-9d609752be72d093c942e53064333440b30105e5.zip
Warn people about the lack of certificate verification in the gnutls
code. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3863 dbcabf3a-b0e7-0310-adc4-f8d773084564
-rw-r--r--debian/NEWS.Debian12
1 files changed, 12 insertions, 0 deletions
diff --git a/debian/NEWS.Debian b/debian/NEWS.Debian
new file mode 100644
index 00000000..e6a5aafa
--- /dev/null
+++ b/debian/NEWS.Debian
@@ -0,0 +1,12 @@
+irssi (0.8.10~rc5-1) unstable; urgency=low
+
+ * This package has the beginnings of GNUTLS support for SSL rather
+ than the upstream OpenSSL code. This may have many bugs in and is
+ not feature complete. In particular it does not support verification
+ of the server's certificate. As a result the connection is vunerable
+ to man in the middle attack. This is only a regression if you use
+ the -cafile or -capath options to /connect. The data is still
+ encrypted.
+
+ -- David Pashley <david@davidpashley.com> Sun, 17 Jul 2005 19:39:37 +0300
+