author: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> 2021-05-19 13:28:03 +0300
committer: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> 2021-05-24 16:38:40 +0300
commit: a0bcbd873a067958da13aa881446913ba6c83762
tree: 0130bc974b00a338d20ba0e6223c613f180e372c
parent: ebf1d1e6045b066431c78a44e250e051ac0361ed
download: virtual-media-a0bcbd873a067958da13aa881446913ba6c83762.tar.xz
Forbid redirection of https resources
For security reasons (on a security researcher's recommendation), remote source redirections shouldn't be allowed, in order to disallow connection downgrading.

Tested: Tested with a python server script forcing redirection.

Change-Id: Ia68884dbcc399abc685dcbcf4e205aa62356478f
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
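Added example (not part of this commit or of the virtual-media project) of the downgrade the commit message guards against: a constructed local test server answers the image URL with a 302 to an http:// location. A client that follows redirects (urllib's default, the equivalent of followlocation=true) silently ends up reading the cleartext URL; a client that refuses redirects (the equivalent of `followlocation=false`) fails closed with the 302 as an error; a stricter variant follows redirects only when the target is https://. Assumptions: the test server has no TLS, so the first hop is also plain http; the names `RefuseRedirects`, `HttpsOnlyRedirects`, `fetch` and `demo` are this example's own, not the project's.

```python
#!/usr/bin/env python3
"""Added example: why following redirects can downgrade an https source.

Assumption: a local test server stands in for the remote image host. It has
no TLS, so the first hop is plain http as well; what the example shows is
where each client policy ends up and whether it fails closed.
"""
import http.server
import threading
import urllib.error
import urllib.parse
import urllib.request

# Constructed payload the cleartext location hands out.
CLEARTEXT_BODY = b"disk image fetched over plain http"


class RedirectingHandler(http.server.BaseHTTPRequestHandler):
    """Constructed server: /image.iso answers 302 to an http:// location."""

    def do_GET(self):
        host, port = self.server.server_address
        if self.path == "/image.iso":
            self.send_response(302)
            self.send_header("Location", "http://%s:%d/downgraded" % (host, port))
            self.end_headers()
        elif self.path == "/downgraded":
            self.send_response(200)
            self.send_header("Content-Length", str(len(CLEARTEXT_BODY)))
            self.end_headers()
            self.wfile.write(CLEARTEXT_BODY)
        else:
            self.send_error(404)

    def log_message(self, fmt, *args):
        pass  # keep the demo quiet


class RefuseRedirects(urllib.request.HTTPRedirectHandler):
    """Equivalent of followlocation=false: any 3xx becomes an error."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # None makes urllib raise HTTPError instead of following


class HttpsOnlyRedirects(urllib.request.HTTPRedirectHandler):
    """Stricter alternative: follow redirects, but only to https:// targets."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if urllib.parse.urlsplit(newurl).scheme != "https":
            return None  # refuse any hop that would leave TLS
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def fetch(url, policy=None):
    """Fetch url under a redirect policy.

    Returns ("ok", final_url, body) when a response was obtained, or
    ("refused", status, None) when the policy turned a redirect into an error.
    policy=None keeps urllib's default handler, which follows redirects.
    """
    opener = urllib.request.build_opener(*([policy()] if policy else []))
    try:
        with opener.open(url, timeout=5) as resp:
            return ("ok", resp.geturl(), resp.read())
    except urllib.error.HTTPError as err:
        return ("refused", err.code, None)


def demo():
    """Run the three policies against the constructed server; return results."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), RedirectingHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    host, port = srv.server_address
    url = "http://%s:%d/image.iso" % (host, port)
    try:
        return {
            "follow": fetch(url),                    # lands on /downgraded
            "refuse": fetch(url, RefuseRedirects),   # ("refused", 302, None)
            "https_only": fetch(url, HttpsOnlyRedirects),
        }
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-10s %r" % (name, result))
```

The "follow" result is the failure mode: the caller asked for one URL and received the body of another whose scheme it never agreed to. Disabling redirects outright, as the patch does, is the simplest fix; the https-only handler shows the alternative if redirects are needed but downgrades are not.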
-rw-r--r-- src/state/activating_state.cpp | 1 +
1 file changed, 1 insertion, 0 deletions
diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp
index b76ef12..6cf9f68 100644
--- a/src/state/activating_state.cpp
+++ b/src/state/activating_state.cpp
@@ -266,6 +266,7 @@ std::unique_ptr<resource::Process>
// custom OpenBMC path for CA
"capath=/etc/ssl/certs/authority",
"ssl-version=tlsv1.2",
+ "followlocation=false",
"ssl-cipher-list=ALL:!eNULL:!aNULL:"
"!AES256-GCM-SHA384:!AES128-GCM-SHA256:"
"!AES256-SHA256:!AES128-SHA256"};
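Review bot: the added `"followlocation=false",` line is the only option in this list whose purpose is not explained in the code; the reason (a redirect can move an https source to a plain-http location, sidestepping the `ssl-version=tlsv1.2` and `ssl-cipher-list` settings on the surrounding lines) lives only in the commit message. Add a one-line comment above it in the style of the existing `// custom OpenBMC path for CA`, for example `// never follow redirects: they could downgrade https to http`. Separately, the title says "Forbid redirection of https resources", but the option refuses redirects for any URL this process is started with, not only https ones; reword the title or state that the blanket refusal is intended. Refusing redirects also does not by itself ensure that the original URL is https; that check, if it exists, is outside this hunk and is worth confirming in review.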