Skip to content
Snippets Groups Projects
Select Git revision
  • 0x4A6F-rpi4
  • 0x4A6F-master
  • master
  • v2018.2.2-ffs
  • v2018.2.x default protected
  • v2016.2.4-batmanbug
  • radv-filterd
  • v2016.2.x
  • hoodselector
  • v2016.1.x
  • babel
  • v2015.1.x
  • 2014.4.x
  • 2014.3.x
  • v2018.2.2-ffs0.1
  • v2018.2.1-ffs0.1
  • v2018.2.1
  • v2018.2-ffs0.1
  • v2018.2
  • v2018.1.4
  • v2018.1.3
  • v2018.1.2
  • v2018.1.1
  • v2018.1
  • v2017.1.8
  • v2017.1.7
  • v2017.1.6
  • v2017.1.5
  • v2017.1.4
  • v2017.1.3
  • v2017.1.2
  • v2016.2.7
  • v2017.1.1
  • v2017.1
34 results

packages

  • Clone with SSH
  • Clone with HTTPS
  • Forked from firmware / FFS Gluon
    Source project has a limited visibility.
    user avatar
    Matthias Schiffer authored
    The autoupdater supports HTTPS when a ustream TLS backend is installed,
    but we did not allow this in site.conf. However, just allowing HTTPS
    URLs unconditionally is also a bad idea, as it might result in nodes
    being unable to reach the mirror, in particular if the `tls` feature is
    enabled only for some devices.
    
    Solve this by allowing https:// URLs only if the marker file installed
    by gluon-tls is found, failing the site check with an error message like
    the following otherwise:
    
        *** All of the following alternatives have failed:
            1) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern 'http://', but it is "https://..." (a string value)
            2) site.conf error: expected autoupdater.branches.test.mirrors.1 to use HTTPS only if the 'tls' feature is enabled, but it is "https://..." (a string value)
            3) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern '^//', but it is "https://..." (a string value)
    
    In addition, introduce support for protocol-less //server/path URLs,
    which will use either HTTP or HTTPS depending on the availablility of
    the `tls` feature. No fallback happens when `tls` is available, but the
    HTTPS connection fails, preventing downgrade attack.
    
    Based-on-patch-by: default avatarKevin Olbrich <ko@sv01.de>
    c800fe7f
    History
    Name Last commit Last update
    ..