diff options
author | Heikki Toivonen <heikki@heikkitoivonen.net> | 2006-04-05 07:39:41 +0000 |
---|---|---|
committer | Heikki Toivonen <heikki@heikkitoivonen.net> | 2006-04-05 07:39:41 +0000 |
commit | e0a1940f6f027ea4a4d02117f0c6ee758981b575 (patch) | |
tree | 58966adf7d542a292a9c64e82320ecc20cac8259 | |
parent | a564adb0005dfc459c7475a5df389580538ba996 (diff) | |
download | m2crypto-e0a1940f6f027ea4a4d02117f0c6ee758981b575.tar.gz |
Removed the caveat about Python/OpenSSL security bugs. Both
have had (and will have) issues, but that is the fact of life.
Besides, both are very popular and have become under much
scrutiny lately.
Added a note where to look for sample use, and recommended
reading before deploying for real.
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@404 2715db39-9adf-0310-9c64-84f055769b4b
-rw-r--r-- | README | 12 |
1 files changed, 4 insertions, 8 deletions
@@ -42,6 +42,10 @@ LICENCE for details. To install, see the file INSTALL. +Look at the tests and demos for example use. Recommended reading before +deploying in production is "Network Security with OpenSSL" by John Viega, +Matt Messier and Pravir Chandra, ISBN 059600270X. + Note these caveats: - Possible memory leaks, because some objects need to be freed on the @@ -53,10 +57,6 @@ Note these caveats: - PRNG may not be CS [2]_ nor CS [3]_. -- AFAIK, Python has not been subjected to the full attention of the - Bugtraq crowd. M2Crypto's handling of active hostile input is probably - suspect. [4]_ - Have fun! Your feedback is welcome. @@ -69,7 +69,3 @@ Have fun! Your feedback is welcome. .. [2] Continuous seeding. .. [3] Cryptographically strong. - -.. [4] In recent years, there have been reported vulnerabilities - in some versions of OpenSSL and attacks against the SSL protocol - itself. |