SSL Updates #7

Open
bored-engineer opened this issue Nov 29, 2013 · 3 comments
@bored-engineer

The updates are currently downloaded via HTTP, which is insecure and could allow unauthorized access via MITM. Updates and checks should be served via SSL. It does not need to be a valid SSL cert if the root CA were installed as part of the update.

@riptidewave93
Member

This is currently a planned feature that will be added to Team Eureka's first ROM release. Thanks for the report!

@ghost ghost assigned riptidewave93 Nov 29, 2013
@riptidewave93
Member

This feature will probably be put on hold. Due to the fact that the Google toolchain has no support for OpenSSL or GnuTLS, we are currently unable to compile SSL support into curl or wget.

But we are working with the possibility of using a signing key for the zip files, which would still prevent MITM attacks and corrupt downloads.
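
The signing-key approach mentioned in the comment above, sketched as an added example (not Team Eureka's code): an update fetched over plain HTTP is installed only if an RSA PKCS#1 v1.5 / SHA-256 signature over the whole file verifies, which on the device side needs a hash and one modular exponentiation rather than a TLS library. The demo key, the function names and the sample payload are assumptions constructed for illustration.

```python
import hashlib

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key built from two well-known Mersenne primes. Its factors
# are public, so it is for illustration only; a real key uses secret random primes.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, shipped with the updater
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, kept on the build host
K = (N.bit_length() + 7) // 8            # modulus length in bytes


def _encode(data: bytes) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(data)."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_update(data: bytes) -> bytes:
    """Build-host side: sign the update image with the private exponent."""
    return pow(int.from_bytes(_encode(data), "big"), D, N).to_bytes(K, "big")


def verify_update(data: bytes, sig: bytes) -> bool:
    """Device side: needs only the public key, SHA-256 and one modexp."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    if s >= N:
        return False
    # Rebuild the expected encoding and compare it whole instead of parsing
    # the padding, which avoids lenient-parser signature forgeries.
    return pow(s, E, N).to_bytes(K, "big") == _encode(data)


def install_if_trusted(data: bytes, sig: bytes) -> str:
    """Gate the flash step on the signature, whatever transport delivered it."""
    return "install" if verify_update(data, sig) else "reject"


if __name__ == "__main__":
    image = b"PK\x03\x04 constructed stand-in for an update zip"
    sig = sign_update(image)
    print(install_if_trusted(image, sig))            # untouched download
    print(install_if_trusted(image + b"\x00", sig))  # modified in transit
```

The signature authenticates the file contents only; the update check itself still travels over HTTP, so a version or rollback check on the signed metadata is a separate concern.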

@riptidewave93
Member

Just as an update, @tchebb thinks he found a way to add SSL support to the toolchain, so this may be possible now.
