Opened 3 months ago

Closed 3 months ago

#15101 closed enhancement (wontfix)

Add option to disable SSL cert validation for imagery downloads.

Reported by: eladner
Owned by: team
Priority: normal
Milestone:
Component: Core imagery
Version:
Keywords: imagery ssl
Cc:

Description

This is not specific to a particular version, but an enhancement request. Some companies do bizarre things at the firewall level to incoming SSL traffic. This can play havoc with some applications. The one casualty I've seen so far is imagery that's transferred over an SSL connection. I can't pinpoint what the issue is exactly, but it doesn't affect any other functionality in JOSM.

Having an option to ignore cert validations for imagery downloads (similar to wget's --no-check-certificate or curl's --insecure) would circumvent that problem and doesn't present much of a security risk. It's read only data that is publicly available anyway. I'm not sure what the SSL does for imagery services other than incur extra CPU time on the server and client for encryption/decryption.

Attachments (0)

Change History (2)

comment:1 in reply to:  description Changed 3 months ago by bastiK

Replying to eric.ladner@…:

> This is not specific to a particular version, but an enhancement request. Some companies do bizarre things at the firewall level to incoming SSL traffic. This can play havoc with some applications. The one casualty I've seen so far is imagery that's transferred over an SSL connection. I can't pinpoint what the issue is exactly, but it doesn't affect any other functionality in JOSM.

You can always change the imagery URL from https to http in the imagery preferences. Other than that, I'm not a big fan of breaking and circumventing reasonable security features.

> Having an option to ignore cert validations for imagery downloads (similar to wget's --no-check-certificate or curl's --insecure) would circumvent that problem and doesn't present much of a security risk. It's read only data that is publicly available anyway. I'm not sure what the SSL does for imagery services other than incur extra CPU time on the server and client for encryption/decryption.

It is about privacy. Some people are more sensitive about this topic than others.

comment:2 Changed 3 months ago by stoecker

Resolution: wontfix
Status: new → closed

Now that proper TLS support is spreading, adding a workaround for special cases would be the wrong sign. Broken company TLS inspectors should either be removed or the local keystores have to be adapted to accept the changed certificates.
