-
Matthias Schiffer authoredThe autoupdater supports HTTPS when a ustream TLS backend is installed, but we did not allow this in site.conf. However, just allowing HTTPS URLs unconditionally is also a bad idea, as it might result in nodes being unable to reach the mirror, in particular if the `tls` feature is enabled only for some devices. Solve this by allowing https:// URLs only if the marker file installed by gluon-tls is found, failing the site check with an error message like the following otherwise: *** All of the following alternatives have failed: 1) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern 'http://', but it is "https://..." (a string value) 2) site.conf error: expected autoupdater.branches.test.mirrors.1 to use HTTPS only if the 'tls' feature is enabled, but it is "https://..." (a string value) 3) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern '^//', but it is "https://..." (a string value) In addition, introduce support for protocol-less //server/path URLs, which will use either HTTP or HTTPS depending on the availablility of the `tls` feature. No fallback happens when `tls` is available, but the HTTPS connection fails, preventing downgrade attack. Based-on-patch-by:
Kevin Olbrich <ko@sv01.de>Matthias Schiffer authoredThe autoupdater supports HTTPS when a ustream TLS backend is installed, but we did not allow this in site.conf. However, just allowing HTTPS URLs unconditionally is also a bad idea, as it might result in nodes being unable to reach the mirror, in particular if the `tls` feature is enabled only for some devices. Solve this by allowing https:// URLs only if the marker file installed by gluon-tls is found, failing the site check with an error message like the following otherwise: *** All of the following alternatives have failed: 1) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern 'http://', but it is "https://..." (a string value) 2) site.conf error: expected autoupdater.branches.test.mirrors.1 to use HTTPS only if the 'tls' feature is enabled, but it is "https://..." (a string value) 3) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern '^//', but it is "https://..." (a string value) In addition, introduce support for protocol-less //server/path URLs, which will use either HTTP or HTTPS depending on the availablility of the `tls` feature. No fallback happens when `tls` is available, but the HTTPS connection fails, preventing downgrade attack. Based-on-patch-by:Kevin Olbrich <ko@sv01.de>