Can we match root domains for https download?

Asked by dwood

Looking at the recent security check-ins, I wonder if we could have the check for matching host be at the domain level, not the subdomain level. I have my appcast at a different subdomain from my SSL domain. So it would be nice if the root domain name matched, but I think it's a bit overkill to require that the subdomain match as well. Thoughts?

Question information

Language: English
Status: Answered
For: Sparkle
Assignee: No assignee

Hofman (cmhofman) said :
#1

Seems to be already changed, now only the scheme is checked.

Another thing, what if I'm paranoid, and want to do a DSA check while *also* using a secure download and appcast URL? Currently that does not work.

Andy Matuschak (andymatuschak) said :
#2

I mean, the SSL connection is already doing strong encryption for you. I don't think I want to support using both.
