tails-security-check's CA pinning is not effective on sid
I guess it’s the same on Stretch. The
BEGIN block does not work as it
used to. This instead seems to work:
$ua->ssl_opts(verify_hostname => 1); $ua->ssl_opts(SSL_ca_file => $cafile);
To be verified: do we also need to empty
SSL_ca_path to avoid the
/etc/ssl/certs/ from being used?
Note that we might wish to change the way
HTTPS requests entirely (#11810 (comment 55225)) so let’s hold on a bit here.
- Blocked by #11810 (closed)