Skip to content
This repository has been archived by the owner on Feb 1, 2023. It is now read-only.

Insecure HTTP requests made by installer redirects #32

Open
milesmcc opened this issue Feb 8, 2018 · 1 comment
Open

Insecure HTTP requests made by installer redirects #32

milesmcc opened this issue Feb 8, 2018 · 1 comment

Comments

@milesmcc
Copy link

milesmcc commented Feb 8, 2018
edited
Loading

On line 41 of install/autocanary.nsi, the installer references an HTTP address: http://timestamp.globalsign.com/scripts/timstamp.dll.

Beyond the security risk an insecure request constitutes, the page itself redirects to https://www.globalsign.com/en/timestamp-service/, which does not seem like a timestamp. (It's a marketing page.) Perhaps the intended URL has changed?

screenshot-2018-2-8 rfc 3161 compliance
Screenshot of the page that http://timestamp.globalsign.com/scripts/timstamp.dll redirects to (https://www.globalsign.com/en/timestamp-service/).

This is potentially the underlying issue behind #30?

I would submit a fix as a PR, but have no way of properly testing the changes because I am not running a Windows machine.

Thanks!
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@milesmcc and others