[pve-devel] [PATCH common] fix #2023: Switch to https for yubico.com API

Rhonda D'Vine rhonda at proxmox.com
Mon Feb 18 11:59:17 CET 2019


Signed-off-by: Rhonda D'Vine <rhonda at proxmox.com>
---
 src/PVE/OTP.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PVE/OTP.pm b/src/PVE/OTP.pm
index c062639..019076b 100644
--- a/src/PVE/OTP.pm
+++ b/src/PVE/OTP.pm
@@ -55,7 +55,7 @@ sub yubico_verify_otp {
 
     die "yubico: wrong OTP length\n" if (length($otp) < 32) || (length($otp) > 48);
 
-    $url = 'http://api2.yubico.com/wsapi/2.0/verify' if !defined($url);
+    $url = 'https://api2.yubico.com/wsapi/2.0/verify' if !defined($url);
 
     my $params = {
 	nonce =>  Digest::SHA::hmac_sha1_hex(time(), rand()),
-- 
2.11.0




More information about the pve-devel mailing list