[pve-devel] [PATCH manager 2/2] enable certificate pinning for proxied requests
Dietmar Maurer
dietmar at proxmox.com
Wed Nov 16 16:08:19 CET 2016
comments inline:
> +sub check_cert_fp {
> + my ($fp) = @_;
> +
> + my $check = sub {
> + for my $expected (keys %$cert_cache_fingerprints) {
> + return 1 if $fp eq $expected;
> + }
> + return 0;
> + };
> +
> + return 1 if &$check();
> +
> + # refresh cache and retry once
> + update_cert_cache();
I guess it would make sense to limit reloads somehow, for
example to one reload per minute?
> + return &$check();
> +}
More information about the pve-devel
mailing list