[vlc-devel] Re: vlc: svn commit r19511 (pdherbemont)

Rémi Denis-Courmont rem at videolan.org
Wed Mar 28 19:37:31 CEST 2007


Le mercredi 28 mars 2007 20:34, Pierre d'Herbemont a écrit :
> Right, this is not right. Thanks, fixed. But if my change introduced
> a security exploit when using TLS, it means that there still is one.
> (send Location: http://ddd.ccc/etc from a TLS server). The code
> should then be reviewed.

If the TLS server tells you to downgrade to non-TLS, you have to. It's 
not an exploit; it's either a genuine request or a misconfiguration of 
the server.

-- 
Rémi Denis-Courmont
http://www.remlab.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20070328/5cc0de1a/attachment.sig>


More information about the vlc-devel mailing list