On Thu, Oct 30, 2014 at 2:50 PM, john <johnf@jfcomputer.com> wrote:
> Hi,
>
> On the server side of my Django website I use pycurl (version 7.20.x) to
> connect to authorize.net (to send credit card info). On Nov 4 Authorize.net
> will turn off SSLv3. So I'm wondering if my use pycurl will continue to
> work. To be honest I haven't thought about it much since the pycurl seem to
> take care of everything that Authorize.net required. Now I'm questioning if
> pycurl will continue to work and if I need to change anything - what do I
> chan.
>
> c=pycurl.Curl()
> c.setopt(c.URL, GatewayURL)
> c.setopt(c.POST, TRUE)
> c.setopt(c.SSL_VERIFYPEER, FALSE)
Why do you disable peer verification checks? Its like asking for a
MITM to come and scoop up those credit card details.
pycurl uses curl, curl can be built against OpenSSL. If your curl
library is linked against an OpenSSL library that disables all TLS and
only supports up to SSLv3, then you will have problems. That would be
quite unlikely.
Cheers
Tom
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFHbX1%2BboL5pBkr6ujcGG10L4ihfogT0bjRLqDjWH2VW1xJkZA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment