Support HTTP Strict Transport Security
laurivosandi commented
Currently the `insecure` flag in `/etc/certidude/client.conf` specifies whether the CA should be contacted over HTTP or HTTPS. Instead of such static configuration we should support HSTS.
A possible implementation on the client side would perform the first request over HTTP and, if the server redirects to HTTPS and returns HSTS headers, create a file, e.g. `/var/lib/certidude/ca.example.com/secure`. If such a file exists, further requests would be performed over HTTPS by default.
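A sketch of the marker-file logic proposed above, as an added example that is not part of the issue or of certidude's code. The function names, the expiry timestamp stored inside the marker, and the rule of honouring the header only when it arrives over HTTPS (as RFC 6797 requires) are assumptions of this example.

```python
import os
import re
import time

HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")

def marker_path(state_dir, authority):
    # The authority name becomes a directory name, so reject anything path-like.
    if not HOST_RE.fullmatch(authority):
        raise ValueError("bad authority name: %r" % authority)
    return os.path.join(state_dir, authority, "secure")

def parse_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isascii() and arg.isdigit():
            return int(arg)
    return None

def record_response(state_dir, authority, hops, now=None):
    """hops: (url, headers) pairs in the order followed; True if pinned afterwards."""
    now = time.time() if now is None else now
    path = marker_path(state_dir, authority)
    for url, headers in hops:
        hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
        # RFC 6797: an HSTS header seen over plain HTTP must be ignored,
        # otherwise anyone on the path could set or clear the pin.
        if hsts is None or not url.lower().startswith("https://"):
            continue
        max_age = parse_max_age(hsts)
        if max_age == 0 and os.path.exists(path):
            os.remove(path)  # server withdraws the policy
        elif max_age:
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(str(int(now + max_age)))  # assumption: marker holds expiry
    return os.path.exists(path)

def scheme_for(state_dir, authority, now=None):
    """Scheme for the next request: https while an unexpired marker exists."""
    now = time.time() if now is None else now
    path = marker_path(state_dir, authority)
    try:
        with open(path) as fh:
            return "https" if int(fh.read().strip()) > now else "http"
    except (OSError, ValueError):
        return "http"
```

With `state_dir` set to `/var/lib/certidude`, the marker lands at the path named in the proposal. The first request still travels over plain HTTP, so this scheme is trust-on-first-use.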
laurivosandi commented
Fixed with b9aaec7: once the CA cert is fetched, the client always approaches the CA over HTTPS.