Attempt to download packages via HTTPS connection #746
Comments
@lennartb- one thing we've enforced is package checksum now for HTTP. I think we can also attempt to do this as well, which will make things better.
This will ease things up a bit for some existing packages. It will attempt to determine if HTTPS is available and then use it to download instead.
ferventcoder added a commit that referenced this issue Sep 12, 2016
If the host can be addressed with HTTPS, switch the download url to use HTTPS.
ferventcoder added a commit that referenced this issue Sep 12, 2016
* stable: (24 commits)
  (GH-839) Switch to apply package parameters to dependent packages
  (maint) formatting methods / parameters in calls
  (GH-958) If SSLv3 in Posh v2 Fails, Use Original
  (GH-746) Use HTTPS if available when HTTP url
  (GH-957) Skip Get-WebFileName When FTP
  (GH-948) Ensure passwords / keys are not logged
  (GH-952) Get-ChocolateyWebFile enhancements
  (doc) update generated docs
  (maint) formatting
  (docs) move GenerateDocs.ps1 / update
  (GH-932) Do not set unknown checksum to 'md5'
  (GH-719) Reset ServerCertificateValidationCallback
  (GH-305) add MSP/MSU installer types
  (GH-305) update exitcodes to long
  (GH-954) Pending fails when lib does not exist
  (GH-950) Install-ChocolateyPackage - UseOriginalLocation
  (maint) formatting
  (GH-922) Automatically determine checksum type
  (maint) fixes for shimgen
  (GH-948) Do not log sensitive arguments
  ...
Split from #350
Trying to download certain packages with an HTTP URL may fail in certain circumstances where, for example, a firewall blocks download of "insecure" files. Downloading a file via an HTTPS link, however, may work in that case. While the package URLs are of course dependent on the package maintainer, some servers actually also serve via HTTPS besides HTTP.
Besides that HTTPS is more secure (though I can't say whether this is interesting for choco), it would be convenient to either first try an HTTPS connection before HTTP, or add a flag (e.g. --TryHttps) which tries to force a download via HTTPS.
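The behaviour discussed in this thread (use HTTPS when the host of an HTTP URL answers over it, and keep the checksum requirement for plain HTTP) can be sketched as follows. This is an added example, not Chocolatey's code and not part of the issue; the function names, parameters, sample hosts and the injectable `-Probe` script block (used so the demo runs without network access) are assumptions.

```powershell
# Added example; function names, parameters and hosts are hypothetical.
function Test-HttpsAvailable {
    param([Parameter(Mandatory=$true)][uri]$HttpsUri, [int]$TimeoutMs = 5000)
    try {
        $request = [System.Net.WebRequest]::Create($HttpsUri)
        $request.Method  = 'HEAD'
        $request.Timeout = $TimeoutMs
        $request.GetResponse().Close()
        return $true
    } catch {
        return $false   # TLS error, timeout or HTTP error: treat HTTPS as unavailable
    }
}

function Resolve-DownloadUrl {
    param(
        [Parameter(Mandatory=$true)][string]$Url,
        [string]$Checksum,
        [scriptblock]$Probe = { param($u) Test-HttpsAvailable -HttpsUri $u }
    )
    $uri   = [uri]$Url
    $final = $Url
    if ($uri.Scheme -eq 'http') {                        # https, ftp, file: left untouched
        $builder = New-Object System.UriBuilder -ArgumentList $uri
        $builder.Scheme = 'https'
        if ($uri.IsDefaultPort) { $builder.Port = -1 }   # drop :80 so https uses 443
        $candidate = $builder.Uri
        if (& $Probe $candidate) { $final = $candidate.AbsoluteUri }
    }
    # The fallback to HTTP can be forced by anyone able to block port 443,
    # so a plain-HTTP download is only accepted together with a checksum.
    if (([uri]$final).Scheme -eq 'http' -and -not $Checksum) {
        throw "Refusing plain-HTTP download without a checksum: $final"
    }
    return $final
}

# Constructed offline probe: pretend only this host answers over HTTPS.
$httpsHosts = @('downloads.example.test')
$fakeProbe  = { param($u) $httpsHosts -contains $u.Host }

foreach ($case in @(
    @{ Url = 'http://downloads.example.test/tool.zip';   Checksum = '' },
    @{ Url = 'http://legacy.example.test:8080/tool.zip'; Checksum = '<sha256 from package>' },
    @{ Url = 'ftp://files.example.test/tool.zip';        Checksum = '' }
)) {
    Resolve-DownloadUrl -Url $case.Url -Checksum $case.Checksum -Probe $fakeProbe
}
```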