don't build with openssl support (make .... SSLFLAGS= ....)
(with openSSL support compiled, the github ssl secured web release page is still the default source used by the updater)
set the new ini file variable updaterURL to a url
The default url which is used for the non-ssl build is http://fgcom.hallinger.org/version.php (which is also newly supplied for the server part, see below)
There is also a new plugin client updater test tool in the tools dir, but it's not built by default.
The server part was enhanced by a new version.php file, that hardcoded fetches and prepares the version info for the plugin based on the github release info.
It is intended to be served with http only for that purpose.
This way, we theoretically can get rid of linking the plugin against openssl (until the mumble API allows us to do SSL webcalls).
:information_source:
Note, that SSL adds security (the (already public!) information which version is recent is not encrypted then), but as the previous code was implemented, we accepted any server certificate. So this was just security by obscurity anyways. The updater code just tries to see if there is a new version.
The new NoSSL-updatechecker fetches a webpage and parses structured information. While someone malicious could inject a different website as man-in-the-middle to supply different information, this should not be a problem, as the NoSSL-checker just returns version strings, and the update download url is constructed hardcoded against the github project home release files. (in other words: it can be faked into assuming a different upstream version, but it cannot be forced to download from a source other than github)
This adds:
make .... SSLFLAGS= ....
) (with openSSL support compiled, the github ssl secured web release page is still the default source used by the updater)updaterURL
to a url The default url which is used for the non-ssl build is http://fgcom.hallinger.org/version.php (which is also newly supplied for the server part, see below)version.php
file, that hardcoded fetches and prepares the version info for the plugin based on the github release info. It is intended to be served with http only for that purpose. This way, we theoretically can get rid of linking the plugin against openssl (until the mumble API allows us to do SSL webcalls).:information_source: