Re: Scripts that run insecurely-downloaded code

To: debian-security@lists.debian.org
Subject: Re: Scripts that run insecurely-downloaded code
From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
Date: Sat, 2 May 2020 09:50:45 +0100
Message-id: <[🔎] 053b4107-a13f-1dcc-80cf-f45649b64b79@zoho.com>
In-reply-to: <[🔎] 7a9e5815-2491-b77d-001f-c5514f17cd4c@gmail.com>

Davide Prina wrote:

Not all the software that implement HTTPS verify the validity of the certificate and the validity of all the certification chain.

These scripts are using wget or curl, which both say they do verifycertificates. If they do not do so correctly, please report this.

For example where I work has been invalidated a certificate, but for mistake the new valid one was not loaded on a https site. With Debian and Firefox I cannot access that site (I get "the certificate is not valid" or something similar), but other people, that use another OS, can access it with internet explorer and chrome, but not with Firefox.

Since this involved a revoked certificate, possiblyhttps://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol#Browser_support

Reply to:

References:
- Re: Scripts that run insecurely-downloaded code
  - From: Davide Prina <davide.prina@gmail.com>

Prev by Date: Re: Scripts that run insecurely-downloaded code
Next by Date: Fwd: Re: Scripts that run insecurely-downloaded code
Previous by thread: Re: Scripts that run insecurely-downloaded code
Next by thread: Re: Scripts that run insecurely-downloaded code
Index(es):
- Date
- Thread