[tahoe-lafs-trac-stream] [tahoe-lafs] #1422: https node.url is not verified by httplib

[tahoe-lafs]

#1422: https node.url is not verified by httplib
---------------------------+---------------------------
 Reporter:  ChosenOne      |          Owner:  nobody
     Type:  defect         |         Status:  new
 Priority:  minor          |      Milestone:  undecided
Component:  unknown        |        Version:  1.8.2
 Keywords:  https, verify  |  Launchpad Bug:
---------------------------+---------------------------
 Tahoe currently uses httplib for CLI commands.
 If node.url points to a https resource we will happily perform a https
 request.
 The issue is that httplib does not verify server certificates. Using a
 remote node.url with https wouldn't be as secure as people would expect
 (cf. man-in-the-middle, ssltrip, etc.).

-- 
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1422>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage