use https url in extension pack download link
use https url in extension pack download link
The link I am presented with for downloading the extension pack is http://download.virtualbox.org/virtualb ... ox-extpack
Please update this to an https link.
Thanks.
Please update this to an https link.
Thanks.
Last edited by bigbor on 8. Feb 2018, 13:24, edited 1 time in total.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: use https url in extension pack download link
Where did you get that link? The link in the Downloads page points to the https one...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Re: use https url in extension pack download link
from a pop-up in the application.
- Attachments
-
- Screen_Shot_2018_02_07_at_10_02_39_AM.png (71.24 KiB) Viewed 4012 times
Last edited by mpack on 8. Feb 2018, 15:57, edited 1 time in total.
Reason: Replace URL with local image attachment.
Reason: Replace URL with local image attachment.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: use https url in extension pack download link
Please be specific about what you do in "the application" to provoke this "popup", because I don't recall ever seeing this.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: use https url in extension pack download link
That looks like the "Network Operations Manager" of VirtualBox. I know because I've translated the strings, and that's the only time I've ever used it. I am not sure if what you're seeing is a static message or not, but the truth of the matter is that 5.2.6 came before the downloads site switched to https operations. You can download it from the Downloads page via https, or you can use the SHA256 checksum to make sure it's not tampered with.
I expect this to be changed in the next minor release.
I expect this to be changed in the next minor release.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Volunteer
- Posts: 1631
- Joined: 25. May 2010, 23:48
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Assorted Linux, Windows Server 2012, DOS, Windows 10, BIOS/UEFI emulation
Re: use https url in extension pack download link
I have seen that dialog before (albeit wasn't concerned with the difference between http and https) and one way you can provoke it is as follows:
- You need a mismatch in versions between VirtualBox and the extension pack. As a test I just installed 5.2.4 extensions into 5.2.6 on Windows but I guess you would have the same effect if you did a manual installation of a newer version of VirtualBox without uninstalling the old one first.
- Start VirtualBox and run "Check for updates..."
- Once you get through the VirtualBox version check (in the test it said I had the latest version installed) it then pops up a dialog saying "You have an old version (5.2.4) of the Oracle VM VirtualBox extension pack installed. Do you wish to download the latest one from the internet?
- Click download and the OPs dialog is displayed
- Meh, other people can type faster than me!
- Clicking on the Download button downloads it directly in VirtualBox, clicking on the hyperlink in the dialog text downloaded it in the web browser!
My crystal ball is currently broken. If you want assistance you are going to have to give me all of the necessary information.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: use https url in extension pack download link
@bigbor: I think the first post is missing a couple of things, for example why do you care whether the link says http or https? (The software is secured with a certificate regardless of where it was downloaded from).
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: use https url in extension pack download link
The installers for Windows and OSX are. Not the rest of them AFAIK, and not the ExtPack, which is a glorified gzip.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: use https url in extension pack download link
I'm not sure I see what you're saying there. Obviously the extpack installer can't be signed because there isn't one. But, each individual Windows DLL from the extension pack is digitally signed. I have no way to check the signatures on objects that aren't executable in Windows so can't comment on those.socratis wrote:and not the ExtPack, which is a glorified gzip.
Re: use https url in extension pack download link
Awesome.socratis wrote:I expect this to be changed in the next minor release.
Thanks.
Re: use https url in extension pack download link
It is already changed in the test builds... we were aware of this. For years. The GUI always downloaded the extpack in a secure way: it used the http link to get the data (because until very shortly before the 5.2.6 release the download server wouldn't offer https, so it would've been too risky), and checked the downloaded data against a SHA256 hash retrieved over https.