by djhworld
1234 days ago
One thing I'd neglected to mention in the post is the sidecar uses a public DNS resolver to get the actual t.co link, but it's making the assumption that Go's stdlib enforces this: https://github.com/djhworld/theunwrapper/blob/main/unwrap/un... and doesn't fall back to the system one. So there is that issue... I guess one way to mitigate it would be to run the sidecar out of the network, or at least have a clean DNS config and not have my custom CA in the root store... i.e. you'd want to be double sure you're going to the real thing and only accepting trusted certs signed by a trusted root.
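An added example, not part of the comment above and not theunwrapper's own code: one way to build a Go HTTP client that pins DNS lookups to a chosen upstream and trusts only an explicit CA pool instead of the machine's root store. The names `pinnedResolver` and `isolatedClient` and the address `1.1.1.1:53` are assumptions made for illustration.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"time"
)

// pinnedResolver returns a resolver that sends every query to upstream
// (host:port), ignoring the nameserver address taken from the system config.
func pinnedResolver(upstream string) *net.Resolver {
	return &net.Resolver{
		// Dial is only honoured by Go's built-in resolver; without PreferGo
		// the cgo/system resolver may be used and Dial silently ignored.
		PreferGo: true,
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			d := net.Dialer{Timeout: 3 * time.Second}
			return d.DialContext(ctx, network, upstream)
		},
	}
}

// isolatedClient builds an HTTP client that resolves names through upstream
// and trusts only the CAs in roots. roots must be non-nil: a nil RootCAs
// makes crypto/tls fall back to the host's root store.
func isolatedClient(upstream string, roots *x509.CertPool) *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second, Resolver: pinnedResolver(upstream)}
	return &http.Client{
		Transport: &http.Transport{
			Proxy:           nil, // do not inherit HTTP(S)_PROXY from the environment
			DialContext:     dialer.DialContext,
			TLSClientConfig: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12},
		},
		// Report the redirect target instead of following it.
		CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse },
	}
}

func main() {
	// Constructed values: 1.1.1.1:53 stands in for "a public resolver"; the
	// empty pool must be filled from a vetted PEM bundle before real use.
	c := isolatedClient("1.1.1.1:53", x509.NewCertPool())
	fmt.Printf("client ready: %T\n", c.Transport)
}
```

Even with `PreferGo`, Go's resolver can still consult the local hosts file, so a clean host configuration remains part of the mitigation.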