[fpc-devel] Request for review of patch for security risk in fcl-web/openssl
Peter
dokkie.fpc at gmail.com
Sat Nov 4 16:10:35 CET 2023
Hi,
Issue 40479 is about a security risk when OpenSSL is used in fcl-web
(TFPHTTPClient). Using the current source/trunk, TLS certificates
having a wrong hostname are accepted, while they should be rejected.
An easy patch for this is available, I kindly ask for a review by one
of the developers:
https://gitlab.com/freepascal.org/fpc/source/-/issues/40479
If I can help in any way to facilitate this review, please let me know.
(BTW I also submitted a patch for a GnuTLS problem, which is less
important because it is no security risk, but still a review is highly
appreciated:
https://gitlab.com/freepascal.org/fpc/source/-/issues/40195#note_1621128840)
Peter.
More information about the fpc-devel
mailing list