[FFmpeg-trac] #3905(undetermined:new): HTTPS SSL certificate for source.ffmpeg.org is broken
FFmpeg
trac at avcodec.org
Sat Aug 30 13:36:19 CEST 2014
#3905: HTTPS SSL certificate for source.ffmpeg.org is broken
-------------------------------------+-------------------------------------
Reporter: | Owner:
ahthovaikied | Status: new
Type: defect | Component:
Priority: normal | undetermined
Version: unspecified | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Comment (by ahthovaikied):
Replying to [comment:3 cehoyos]:
> Isn't the advantage of using https over http that you know the content
of the transmission was not changed?
That is only one part of what SSL has to offer when done right: integrity.
There is also authentication and confidentiality.
There is no point to guarantee the transmission was not changed, if you
can not guarantee it is coming from the server you think it is.
Replying to [comment:3 cehoyos]:
> You cannot change a git repository without anybody noticing because it
would change the version hashes.
That would only be seen if you try to push the compromised repository to a
non compromised one.
An attacker could still setup a trivial MITM attack, alter the source code
(and the hashes), and thus inject malicious code in the FFmpeg binary.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/3905#comment:4>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list