Bug#790093: dgit is subvertable by X.509 CA cabal

Control: clone -1 -2 Control: retitle -2 dgit should pin to the LE CA for ftpmasterapi Control: retitle -1 dgit should not trust any third party when talking to Debian servers intrigeri writes ("Re: Bug#790093: dgit is subvertable by X.509 CA cabal"): > (after I've started

Bug#790093: dgit is subvertable by X.509 CA cabal

intrigeri: > the current code I have that does exactly this uses WWW::Curl > instead As Ian requested, here is that code: https://git.tails.boum.org/perl5lib/tree/lib/Tails/Download/HTTPS.pm (note that this code is a bit more complicated than you want because IIRC it takes care of problems specif

Bug#790093: dgit is subvertable by X.509 CA cabal

Hi, (after I've started to play with dgit today — and very much like it so far! — a friend pointed me to this bug) Ian Jackson: > The ftpmaster api service is currently provided over HTTP over TLS, > based on with a standard X.509 web PKI cert from Let's Encrypt. > We want, instead, those API que

Bug#790093: dgit is subvertable by X.509 CA cabal

Package: dgit Version: 0.23 Severity: important dgit needs to access various things from the ftpmaster server. These things are provided via HTTP over TLS. Unfortunately dgit's HTTP TLS clients (wget and perl) can no longer be persuaded to expect specifically and exactly the right server's EE ce