[asterisk-bugs] [JIRA] (ASTERISK-29980) build: External binary modules don't use https

Friendly Automation (JIRA) noreply at issues.asterisk.org
Wed Mar 23 18:07:07 CDT 2022


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29980?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=258449#comment-258449 ] 

Friendly Automation commented on ASTERISK-29980:
------------------------------------------------

Change 18238 merged by Kevin Harwell:
download_externals: Use HTTPS for downloads

[https://gerrit.asterisk.org/c/asterisk/+/18238|https://gerrit.asterisk.org/c/asterisk/+/18238]

> build: External binary modules don't use https
> ----------------------------------------------
>
>                 Key: ASTERISK-29980
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29980
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Codecs/codec_opus, Core/BuildSystem
>    Affects Versions: 19.2.1
>            Reporter: INVADE International Ltd.
>            Assignee: Sean Bright
>              Labels: security
>
> If we include the OPUS codec as part of an installation, it is sourced as follows:
> codec_opus: Downloading http://downloads.digium.com/pub/telephony/codec_opus/asterisk-19.0/x86-64/codec_opus-19.0_1.3.0-x86_64.tar.gz to /tmp/tmp.MzytcugTdk/codec_opus-19.0_1.3.0-x86_64.tar.gz
> As there is a valid SSL certificate for downloads.digium.com, should this not use https instead?
> I can see references to other http URLs in the source, so this may apply to other components.
> This was only noticed as a problem where this installation was at a site that does not allow access to public http sites. Manually changing the "remote_url" value in build_tools/download_externals resolved the problem.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list