[pve-devel] applied: [PATCH common] fix #2023: Switch to https for yubico.com API

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Feb 19 14:30:13 CET 2019


On 2/18/19 11:59 AM, Rhonda D'Vine wrote:
> Signed-off-by: Rhonda D'Vine <rhonda at proxmox.com>
> ---
>  src/PVE/OTP.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/PVE/OTP.pm b/src/PVE/OTP.pm
> index c062639..019076b 100644
> --- a/src/PVE/OTP.pm
> +++ b/src/PVE/OTP.pm
> @@ -55,7 +55,7 @@ sub yubico_verify_otp {
>  
>      die "yubico: wrong OTP length\n" if (length($otp) < 32) || (length($otp) > 48);
>  
> -    $url = 'http://api2.yubico.com/wsapi/2.0/verify' if !defined($url);
> +    $url = 'https://api2.yubico.com/wsapi/2.0/verify' if !defined($url);
>  
>      my $params = {
>  	nonce =>  Digest::SHA::hmac_sha1_hex(time(), rand()),
> 
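
Review bot: the `if !defined($url)` guard on the changed line means only the default moves to https; a caller-supplied `$url` that still starts with `http://` is used unchanged, so an existing configuration keeps sending the OTP and receiving the verdict in clear text. Consider rejecting or at least warning on a non-https `$url` right after this assignment. The request code is outside the visible context, so it is also worth confirming that the HTTP client used there verifies the server certificate, otherwise the scheme change adds little. The commit message has no body; one line on why the scheme changes would help later readers.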

applied, but renamed subject to "partially fix..." as only the switch to
https was done, but not the:
> To ensure high-availability, configure your client to simultaneously issue
> requests to all five addresses and accept the first successful reply.
part. Here it may be easier to hope that the promised "single highly-available
endpoint" appears relatively soon and we spare ourselves the complexity of doing
multiple simultaneous calls to their possible API endpoints.


