Control: severity -1 important
Control: tag -1 - security

On Wed, 15 Jul 2015 12:52:24 +0200 Florent Daigniere <nextg...@freenetproject.org> wrote:
> Package: openssl
> Version: 1.0.2d-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Dear Maintainer,
>
> It looks like openssl s_client is not providing any way to disregard the system's trusted CAs anymore... and this is a regression from Jessie.
[...]

openssl s_client doesn't check the certificate's names either, and never has. It should only be used for debugging, not to make a secure tunnel.

For secure tunnelling see the example in
<https://www.decadent.org.uk/ben/blog/securing-git-imap-send-in-debian.html>

Ben.

-- 
Ben Hutchings
Kids! Bringing about Armageddon can be dangerous. Do not attempt it in your own home.
- Terry Pratchett and Neil Gaiman, `Good Omens'
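An added example, not part of the original message: an offline check showing that chain validation against a chosen CA file and name matching are separate steps, so a certificate can verify while naming a different host. It uses `openssl verify` rather than `s_client`, and assumes an OpenSSL build whose `verify` command accepts `-verify_hostname`; the host names, file names and helper functions are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: host names, paths and helper names are illustrative only.

# make_demo_cert DIR CN
# Create a throwaway self-signed certificate for CN in DIR (cert.pem, key.pem).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# check_cert CAFILE CERT [HOSTNAME]
# Prints "pass" or "fail". Without HOSTNAME only the chain is validated;
# with HOSTNAME the certificate must also name that host.
check_cert() {
    if [ -n "${3:-}" ]; then
        out=$(openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>&1) || true
    else
        out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    fi
    case $out in
        *": OK"*) echo pass ;;
        *)        echo fail ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir" good.example || { rm -rf "$dir"; return 1; }
    ca=$dir/cert.pem   # the self-signed cert acts as its own trust anchor

    echo "chain only:               $(check_cert "$ca" "$ca")"
    echo "chain + name good.example: $(check_cert "$ca" "$ca" good.example)"
    echo "chain + name wrong.example: $(check_cert "$ca" "$ca" wrong.example)"
    rm -rf "$dir"
}

demo
```

The chain-only result is the same whichever host the client intended to reach; only the runs given an expected name can tell the two apart.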