Skip to content
This repository has been archived by the owner on Feb 1, 2023. It is now read-only.

Insecure HTTP requests made by installer redirects #32

Open
milesmcc opened this issue Feb 8, 2018 · 1 comment
Open

Insecure HTTP requests made by installer redirects #32

milesmcc opened this issue Feb 8, 2018 · 1 comment

Comments

@milesmcc
Copy link

milesmcc commented Feb 8, 2018
edited
Loading

On line 41 of install/autocanary.nsi, the installer references an HTTP address: http://timestamp.globalsign.com/scripts/timstamp.dll.

Beyond the security risk an insecure request constitutes, the page itself redirects to https://www.globalsign.com/en/timestamp-service/, which does not seem like a timestamp. (It's a marketing page.) Perhaps the intended URL has changed?

screenshot-2018-2-8 rfc 3161 compliance
Screenshot of the page that http://timestamp.globalsign.com/scripts/timstamp.dll redirects to (https://www.globalsign.com/en/timestamp-service/).

This is potentially the underlying issue behind #30?

I would submit a fix as a PR, but have no way of properly testing the changes because I am not running a Windows machine.

Thanks!
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@milesmcc and others