[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

From: Petr Pisar
Subject: Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL
Date: Tue, 8 Jul 2014 16:14:42 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas Hozza wrote:
> I'm afraid this is not suitable for us. We need to be able to define the
> policy somewhere in /etc, where the user is not able to change it (only
> the system administrator).
I hope can also prevent the user from running his own wget executable, or
ld-preloading modified OpenSSL library, or intercepting open(2) calls to
provide fake /etc file.

> Also the main intention to have a single place to set the policy for all
> system components, therefore wgetrc is not the right place for us.
What about to change wget to call OPENSSL_config(NULL) instead of setting some
hard-coded preference string. Then you can teach OpenSSL to load your /etc
configuration instead of patching each application.

-- Petr

Attachment: pgpsQW6Ta47VE.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]