
[harden-mac:0038] OmniWeb 4.1.1SP2




This is Shiroyama.

OmniWeb 4.1.1SP2 came out a little while ago, so I picked it up,
and I found the following entry in the Release Notes.


------------------------------------------------


Improvements to OmniWeb's HTTPS/SSL support to ensure that the browser will not connect to a domain with a security certificate that does not belong to the host. Additionally, OmniWeb will check the authenticity of all security certificates along the chain to ensure that they are all valid. This means OmniWeb is no longer vulnerable to the 'Man-in-the-middle' attack that was recently publicized on SecurityFocus <http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2>.
• During HTTPS transactions, we now keep track of the hostname we think we're talking to, and verify that the certificate we receive from the server actually matches the hostname.
• We now load the root certificates that Apple has cleverly stashed in CoreFoundation into our SSL context when we create it and added a certificate verification callback which (in addition to SSL's checks) passes the leaf certificate off to the SSLSocket instance so that it can be compared to the URL we're trying to fetch.
• Added a new default (preference), HTTPSRequireValidCertificate, which defaults to YES. This ensures that there is still a way to connect to an https server that has a bogus certificate, should you desire to do so.
• In the event that OmniWeb's verification process fails, you will see an error message in the browser window like "Cannot Load Address Unable to connect, SSL_connect() failed". This error will be made more user-friendly in a future version of OmniWeb.
------------------------------------------------


So, that's the story.
---
SHIROYAMA Takayuki
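
The checks described in the quoted release notes (validating the chain against trusted roots, comparing the leaf certificate with the requested hostname, and an opt-out switch), sketched in Python as an added example. This is not OmniWeb's code and not part of the original post; the function names and sample certificates are constructed for illustration, and Python's default context already performs the hostname check itself during the handshake.

```python
import ssl

def make_context(require_valid_certificate=True):
    """Client TLS context; the flag plays the role of the opt-out preference."""
    ctx = ssl.create_default_context()   # trusted roots, CERT_REQUIRED, check_hostname
    if not require_valid_certificate:
        ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
        ctx.verify_mode = ssl.CERT_NONE  # no chain or hostname check: MITM goes unnoticed
    return ctx

def dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name with the requested host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label and needs two fixed labels.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def leaf_matches_host(cert, hostname):
    """cert is a dict shaped like ssl.SSLSocket.getpeercert() output."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Legacy fallback to commonName, used only when no DNS subjectAltName exists.
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(dns_name_matches(n, hostname) for n in names)

# Constructed sample certificates (not captured from any real server).
SHOP_CERT = {"subject": ((("commonName", "www.shop.example"),),),
             "subjectAltName": (("DNS", "www.shop.example"),
                                ("DNS", "*.cdn.shop.example"))}
# Chains to a trusted root but was issued for a different host.
OTHER_CERT = {"subject": ((("commonName", "www.shop.example"),),),
              "subjectAltName": (("DNS", "other.example"),)}
LEGACY_CERT = {"subject": ((("commonName", "legacy.example"),),)}

if __name__ == "__main__":
    for cert, host in ((SHOP_CERT, "img.cdn.shop.example"),
                       (SHOP_CERT, "a.b.cdn.shop.example"),
                       (OTHER_CERT, "www.shop.example")):
        print(host, "accepted" if leaf_matches_host(cert, host) else "rejected")
```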

