12 Jun
2015
12 Jun
'15
9:43 p.m.
noname wrote:
SSL3 and compression are not the main issue. HTTPS in dillo is completely broken because it does not check for domain name in the certificate. hg tip has checking code copied from wget and current dillo release has no code for it at all. It means that Dillo accepts any valid certificate as a certificate for, let's say, gmail. You can get one from StartSSL for free and test, it works.
Right, I hadn't wanted to do any real New Work for 3.0.5 that would require a somewhat higher level of scrutiny and testing, but all right, I'll take a look at gluing that stuff into the https dpi.