On 2/12/19 11:44 AM, Stuart Henderson wrote:
On 2019/02/05 12:55, Renaud Allard wrote:Any chances of getting it committed?I don't think we should be encouraging its use by having it in ports. Complex string parsing of a frequently updated website, in C, and the above bug isn't a good indication that they are getting things right (why does it even set CURL_POSTFIELDSIZE at all when it's doing a GET? why reuse a stale pointer?) - this is something I'd be wary of even for a standard website. But for something which has your ebay credentials? My comment about https wasn't so much "ports should change this" but more "the developers are insane if they think this is acceptable, what else are they doing wrong".
OK, agreed, on the positive side, this story has led to a patch in libcurl.
smime.p7s
Description: S/MIME Cryptographic Signature
