Investigate and remove CA pinning
Bug #1895714 reported by
Andreas Hasenack
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pollinate (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
The pollinate package pins the CA used to verify the connection to https:/
Recently it switched to the Let's Encrypt CA, and that broke the client connection to the service.
That change will be reverted server-side, as that's quicker to do at the moment, but we should investigate why this restriction was placed on the client, and relax if it deemed appropriate. Or maybe prepare an SRU to add the let's encrypt CA to /etc/pollinate/
Changed in pollinate (Ubuntu): | |
assignee: | nobody → Paride Legovini (paride) |
To post a comment you must log in.
See also bug 1381359 - an example of a routine SRU updating the pin.