Ticket #49 (closed defect: fixed)

Opened 3 years ago

Last modified 2 years ago

[security] fetch(1) does not perform certificate verification

Reported by: blee
Owned by: confman-developers@…
Priority: blocker
Milestone: confman-1.9.2
Component: FreeBSD Support
Version: 1.9.1b
Keywords: security
Cc:

Description

fetch(1) on FreeBSD does not perform certificate verification, making it vulnerable to attacks such as man-in-the-middle.

confman should use something else, like wget.

This affects users running confsync over https.

Change History

comment:1 Changed 2 years ago by ccowart

(In [407]) Making confman use wget regardless of OS to allow support for certificate
verification on HTTPS URLs.

Leaving ticket open until merged into 1.9 branch.

See #49

comment:2 Changed 2 years ago by ccowart

  • Status changed from new to closed
  • Resolution set to fixed

(In [412]) Merging fixes from trunk for several issues.

Fixes #49, #53, #61, #47, #48
