[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[harden-mac:0039] Re: OmniWeb 4.1.1SP2

To: harden-mac@xxxxxxxxxx
Subject: [harden-mac:0039] Re: OmniWeb 4.1.1SP2
From: SHIROYAMA Takayuki <puresnow@xxxxxxx>
Date: Wed, 28 Aug 2002 03:10:12 +0900

しろやまです。すみません。Webページから Cut&Pasteしたときにヤバイ文字を植え付けてしまい、化けるメールを送ってしまいました。 ------------------------------------------------ さきほど OmniWeb 4.1.1SP2がでていたので入れてみましたが、 Release Notesに以下のような文面を見つけました。 ------------------------------------------------ Improvements to OmniWeb's HTTPS/SSL support to ensure that the browser will not connect to a domain with a security certificate that does not belong to the host. Additionally, OmniWeb will check the authenticity of all security certificates along the chain to ensure that they are all valid. This means OmniWeb is no longer vulnerable to the 'Man-in-the-middle' attack that was recently publicized on SecurityFocus <http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08- 14/2>. ・ During HTTPS transactions, we now keep track of the hostname we think we're talking to, and verify that the certificate we receive from the server actually matches the hostname. ・ We now load the root certificates that Apple has cleverly stashed in CoreFoundation into our SSL context when we create it and added a certificate verification callback which (in addition to SSL's checks) passes the leaf certificate off to the SSLSocket instance so that it can be compared to the URL we're trying to fetch. ・ Added a new default (preference), HTTPSRequireValidCertificate, which defaults to YES. This ensures that there is still a way to connect to an https server that has a bogus certificate, should you desire to do so. ・ In the event that OmniWeb's verification process fails, you will see an error message in the browser window like "Cannot Load Address Unable to connect, SSL_connect() failed". This error will be made more user-friendly in a future version of OmniWeb. ------------------------------------------------ っつーことでございます。 --- SHIROYAMA Takayuki --[PR]------------------------------------------------------------------ ■■■■ウェブマスター様へ　　　　Amazon.co.jpアソシエイト・プログラム ■■■ ■■■■サイト作りのお手伝い | いろいろなリンク方法 | ３%～５%の紹介料 ■■■ ■■■■ http://ad.freeml.com/cgi-bin/ad.cgi?id=bm5L5 ------------------------------------------------------------------[PR]-- <GMO GROUP> Global Media Online www.gmo.jp

Follow-Ups:
- [harden-mac:0040] Re: OmniWeb 4.1.1SP2
  - From: ISHIKAWA Yasuhisa

References:
- [harden-mac:0038] OmniWeb 4.1.1SP2
  - From: SHIROYAMA Takayuki

Prev by Date: [harden-mac:0038] OmniWeb 4.1.1SP2
Next by Date: [harden-mac:0040] Re: OmniWeb 4.1.1SP2
Previous by thread: [harden-mac:0038] OmniWeb 4.1.1SP2
Next by thread: [harden-mac:0040] Re: OmniWeb 4.1.1SP2
Index(es):
- Date
- Thread