m10x
commented
1 day ago 4.2.1 seems to be the lastest one available at https://repo.maven.apache.org/maven2/de/rub/nds/protocol-toolkit-bom/ but 4.2.4 is referenced
Closed m10x closed 1 day ago
m10x
commented
1 day ago 4.2.1 seems to be the lastest one available at https://repo.maven.apache.org/maven2/de/rub/nds/protocol-toolkit-bom/ but 4.2.4 is referenced
m10x
commented
1 day ago Why is it even installing ModifiableVariable, X509-Attacker, ASN-1.Tool and TLS-Attacker? Wouldn't it be enough to only install TLS-Scanner as shown at https://github.com/tls-attacker/TLS-Scanner?tab=readme-ov-file#compiling ?
ic0ns
commented
1 day ago I think the issue is that originally we were always motivated to keep all public repositories compatible with each other. I think ~2 years ago we introduced the BOM project which allowed us to better break this symmetry. The docker file still assumed that the project is in "the old world" where everything public is compatible with each other - which is not necessarily the truth anymore, especially since we do not have private repositories for some of the projects. In these projects, the public repo is only compatible with our private internal projects. We have this (kind of awkward) setup to avoid leaking 0days and ongoing research before issues are fixed. Your PR should fix this for good.
When trying to build the dockerfile, mvn throws an error because of ASN.1-Tool