Zuckerberg
ce9bda8a0b
All checks were successful
Check Flake / check-flake (push) Successful in 3m20s
The server list endpoint returns JSON on line 1 with a base64-encoded RSA-SHA256 signature on lines 3+. This was previously ignored. Add verifyServerList() that checks the signature against PIA's public signing key before trusting the data. On failure the service aborts and systemd restarts it. Also bump RestartSec to 5m to avoid hammering PIA servers on repeated failures, and add openssl to container dependencies.
10 lines
451 B
Plaintext
10 lines
451 B
Plaintext
-----BEGIN PUBLIC KEY-----
|
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLYHwX5Ug/oUObZ5eH5P
|
|
rEwmfj4E/YEfSKLgFSsyRGGsVmmjiXBmSbX2s3xbj/ofuvYtkMkP/VPFHy9E/8ox
|
|
Y+cRjPzydxz46LPY7jpEw1NHZjOyTeUero5e1nkLhiQqO/cMVYmUnuVcuFfZyZvc
|
|
8Apx5fBrIp2oWpF/G9tpUZfUUJaaHiXDtuYP8o8VhYtyjuUu3h7rkQFoMxvuoOFH
|
|
6nkc0VQmBsHvCfq4T9v8gyiBtQRy543leapTBMT34mxVIQ4ReGLPVit/6sNLoGLb
|
|
gSnGe9Bk/a5V/5vlqeemWF0hgoRtUxMtU1hFbe7e8tSq1j+mu0SHMyKHiHd+OsmU
|
|
IQIDAQAB
|
|
-----END PUBLIC KEY-----
|