Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #325, #318 - don't download cacert.pem #328

Merged
merged 1 commit into from
Feb 24, 2015
Merged

Fixes #325, #318 - don't download cacert.pem #328

merged 1 commit into from
Feb 24, 2015

Commits on Feb 24, 2015

  1. Fixes #325, #318 - don't download cacert.pem 

    This addresses both concerns of #318 and #325. We were downloading the
SSL CA bundle over http because at the point in time when we wanted to
even do that we might not have been in a state where the SSL
certificates from curl.haxx.se could be verified. Using http is just
as good at that point as using SSL without verification. However...

This addresses the concern raised in #325, whereby the upstream
cacert.pem removed certificates used by services such as AWS S3,
causing SSL connections to those sites to fail to verify. We should
rely on the ca-bundle.crt that comes with the openssl package on the
platforms in question (centos/fedora).
    jtimberman committed Feb 24, 2015
    Configuration menu
    Copy the full SHA
    0854e2c View commit details
    Browse the repository at this point in the history