5290c01c62
Validate HTTPS by default, unless environment variable SSL_NO_VERIFY_PEER is set (from FreeBSD).

WARNING: This changes the semantics of the library in ways that may break the functionality of existing callers, even callers that don't ask to fetch HTTPS URLs -- because HTTP may redirect to HTTPS.

WARNING: This does not guarantee fetching HTTPS URLs will return only authenticated data from the named host. If the host redirects to HTTP or FTP, libfetch will follow the redirect and return unauthenticated data with no way for the caller to know this has happened (short of disabling redirects altogether -- including HTTPS-to-HTTPS redirects -- with the undocumented `A' flag).

That's OK for pkgsrc distfile fetch, since we have checksums stored in pkgsrc for the distfiles, but makes a simple server misconfiguration a security vulnerability with pkg_add or pkgin (even with signed packages, because there's a lot of attack surface between the transport layer and the package signatures).

Discussion on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/12/09/msg028590.html
https://mail-index.netbsd.org/tech-pkg/2023/12/22/msg028654.html

ok gdt (https://mail-index.netbsd.org/tech-pkg/2023/12/31/msg028733.html)

- files
- DESCR
- Makefile
- PLIST
- buildlink3.mk
- options.mk