Opened 7 years ago
Closed 7 years ago
#15101 closed enhancement (wontfix)
Add option to disable SSL cert validation for imagery downloads.
| Reported by: | eladner | Owned by: | team |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Core imagery | Version: | |
| Keywords: | imagery ssl | Cc: |
Description
This is not specific to a particular version, but an enhancement request. Some companies do bizarre things at the firewall level to incoming SSL traffic. This can play havoc with some applications. The one casualty I've seen so far is imagery that's transferred over an SSL connection. I can't pinpoint what the issue is exactly, but it doesn't affect any other functionality in JOSM.
Having an option to ignore cert validations for imagery downloads (similar to wget's --no-check-certificate or curl's --insecure) would circumvent that problem and doesn't present much of a security risk. It's read only data that is publicly available anyway. I'm not sure what the SSL does for imagery services other than incur extra CPU time on the server and client for encryption/decryption.
Attachments (0)
Change History (2)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Now that proper TLS support is spreading adding a workaround for special cases would be the wrong sign. Broken company TLS inspectors should either be removed or the local keystores have to be adapted to accept the changed certificates.
Replying to eric.ladner@…:
You can always change the imagery URL from
httpstohttpin the imagery preferences. Other than that, I'm not a big fan of breaking and circumventing reasonable security features.It is about privacy. Some people are more sensitive about this topic than others.