provider.json is downloaded before ca.cert
Right now, provider.json is being downloaded before CA certificate.
That's a problem because we cannot validate provider.json download using Provider CA, which would lead to a security flaw.
Given that ca.cert will always be at the same location independently of the provider, there is no problem to harcode the url and download it first.
(from redmine: created on 2013-10-10, closed on 2013-12-12)
- Relations:
- parent #3361 (closed)