The one place for your designs
To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.
tails-security-check's CA pinning is not effective on sid
Originally created by @intrigeri on #11812 (Redmine)
I guess it’s the same on Stretch. The BEGIN block does not work as it
used to. This instead seems to work:
$ua->ssl_opts(verify_hostname => 1);
$ua->ssl_opts(SSL_ca_file => $cafile);To be verified: do we also need to empty SSL_ca_path to avoid the
system’s /etc/ssl/certs/ from being used?
Note that we might wish to change the way tails-security-check does
HTTPS requests entirely (#11810 (comment 55225)) so let’s hold on a bit here.
Related issues
- Blocked by #11810 (closed)