@@ -94,10 +94,14 @@
 return false
 }
 return true
 }
+
+ proc _verifySignatureAndCertificate {certificate signature} {
+ return true
+ }
 proc _normalizeOS {os} {
 set os [string tolower [string trim $os]]
 switch -- $os {
@@ -227,15 +231,23 @@
 db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}
 return -code error "Unable to fetch $url"
 }
- set indexhash [lindex [split $indexhash_data ","] 0]
+ set indexhash_data [split $indexhash_data ","]
+ set indexhash [lindex $indexhash_data 0]
+ set indexhashmethod [lindex $indexhash_data 1]
+ set indexhashcert [lindex $indexhash_data 2]
+ set indexhashsig [lindex $indexhash_data 3]
 if {![_isHash $indexhash]} {
 return -code error "Invalid hash: $indexhash"
 }
+
+ if {![_verifySignatureAndCertificate $indexhashcert $indexhashsig]} {
+ return -code error "Invalid signature or certificate from $hostname"
+ }
 set file [download $hostname $indexhash]
 set fd [open $file]
 set data [read $fd]
 close $fd
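Review bot: `_verifySignatureAndCertificate` returns `true` for every input, so the check added in the second hunk can never fail and an index is accepted with any signature or none. Because the name and the "Invalid signature or certificate" error read like an enforced control, the stub should state that it is not one, e.g. `# FIXME: placeholder, performs no verification; every certificate/signature is accepted`. Until a real implementation lands, the index should be treated as unauthenticated by anything that relies on this check.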
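Review bot: The call `_verifySignatureAndCertificate $indexhashcert $indexhashsig` passes neither `$indexhash` nor `$hostname`, so even a real verifier could not bind the signature to this hash or the certificate to this site; both would need to become arguments. `lindex` yields an empty string for a missing element, so an index line that carries only the hash reaches the verifier with an empty certificate and signature. If unsigned indexes are not meant to be accepted, reject them before the call with `if {$indexhashcert eq "" || $indexhashsig eq ""} { return -code error "Missing signature or certificate from $hostname" }`, otherwise stripping the fields becomes a downgrade path. `indexhashmethod` is assigned but not used in the visible lines, and the enclosing proc starts and ends outside the hunk.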