[pve-devel] [PATCH manager 2/2] enable certificate pinning for proxied requests

Dietmar Maurer dietmar at proxmox.com
Wed Nov 16 16:08:19 CET 2016


comments inline:

> +sub check_cert_fp {
> +    my ($fp) = @_;
> +
> +    my $check = sub {
> +	for my $expected (keys %$cert_cache_fingerprints) {
> +	    return 1 if $fp eq $expected;
> +	}
> +	return 0;
> +    };
> +
> +    return 1 if &$check();
> +
> +    # refresh cache and retry once
> +    update_cert_cache();

I guess it would make sense to limit reloads somehow, for
example to one reload per minute?

> +    return &$check();
> +}




More information about the pve-devel mailing list