[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27437: Source downloader accepts X.509 certificate for incorrect dom
From: |
Leo Famulari |
Subject: |
bug#27437: Source downloader accepts X.509 certificate for incorrect domain |
Date: |
Thu, 22 Jun 2017 00:09:01 -0400 |
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Wed, Jun 21, 2017 at 12:50:15PM +0200, Ludovic Courtès wrote:
> Leo Famulari <address@hidden> skribis:
> > While working on some package updates, I found that the source code
> > downloader will accept an X.509 certificate for an incorrect site.
[...]
> IOW, since we’re checking the integrity of the tarball anyway, and we
> assume developers checked its authenticity when writing the recipe, then
> who cares whether downloads.xiph.org has a valid certificate?
>
> Does it make sense?
Yeah, I think it makes sense if checking the certificates would add too
much complexity for what I think is a minor benefit: protecting against
exploitation of bugs by MITM (but not xiph.org) in whatever code runs
after the connection is initiated and before the hash is calculated.
Perhaps a MITM could send a huge file and fill up the disk or something
like that.
Closing the bug, but more thoughts are welcome!
signature.asc
Description: PGP signature