Opened at 2011-06-23T13:23:14Z
Last modified at 2011-06-23T17:13:59Z
#1422 new defect
https node.url is not verified by httplib
| Reported by: | ChosenOne | Owned by: | nobody |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | code-frontend-cli | Version: | 1.8.2 |
| Keywords: | https security integrity confidentiality | Cc: | |
| Launchpad Bug: |
Description
Tahoe currently uses httplib for CLI commands. If node.url points to a https resource we will happily perform a https request. The issue is that httplib does not verify server certificates. Using a remote node.url with https wouldn't be as secure as people would expect (cf. man-in-the-middle, ssltrip, etc.).
Change History (1)
comment:1 Changed at 2011-06-23T17:13:59Z by davidsarah
- Component changed from unknown to code-frontend-cli
- Keywords security integrity confidentiality added; verify removed
- Priority changed from minor to major
Note: See
TracTickets for help on using
tickets.
