Check that https-get-expired is still up to date
Context
https-get-expired
is our own tool that can perform HTTPS requests accepting certificates that are expired.
To do this, we are overriding the default Golang function verifyServerCertificate
with another one that is largely copied, but with small differences.
What you need to do
To make sure we keep this updated to changes in Golang, check https://gitlab.tails.boum.org/tails/tails/-/blob/stable/config/chroot_local-includes/usr/src/https-get-expired.go; the code has comments which will tell you where the original is.
- Check that the Golang code has not changed recently in the current version we are shipping. If so, let's keep the delta between that code and ours to a minimum
- Also check if our code also works for future versions of Go
Recurse
-
check the code -
create a new issue for the next quarter -
copy-paste this issue's text -
mark tasks as not done -
set an adequate milestone -
set the due date appropriately -
set labels C:Time synchronization Core Work:Foundations Team To Do T:Code -
mark it as related to this one
-
Meta
It's OK to skip one such quarterly check, but not 2 in a row.
Edited by boyska