Hi, Since the OSM updates diff support only http, I cannot update the OSM database in my production environment due to security issue. It is vulnerable to MITM(Man-In-The-Middle) attack. When I tried https url, it redirects to http url. https://planet.openstreetmap.org/replication/day/000/000/ Is there any specific reason for not having https support ? It would be great, if OSM gives support https. And also OSM may add md5check sum details in the xx_state.txt files. Thanks, Ramesh asked 07 Apr '15, 08:03  rameshj closed 08 Apr '15, 04:23  aseerel4c26 ♦ |
The question has been closed for the following reason “Problem is outdated – problem has been fixed by server admins (HTTPS works now as expected)” by aseerel4c26 08 Apr ‘15, 04:23
2 Answers:
your URL works for me (current Firefox 37.0.1) – no redirect to HTTP. I could download the arbitrarily chosen https://planet.openstreetmap.org/replication/day/000/000/012.osc.gz . answered 08 Apr '15, 03:56 aseerel4c26 ♦ |
https has a slightly higher resource consumption and is not as easily cachable as HTTP. Also you need to purchase a SSL certificate. All factors that add cost. You might have to use a workaround on your environment. Maybe you can setup and additional server that passes through the data from openstreetmap.org through a SSL channcel. Adding a md5 checksum to the files seams reasonable. You might want to ask operations@osmfoundation.org answered 07 Apr '15, 10:24  AddisMap_Ale... 1 not really … OSM already has a wildcard certificate *.openstreetmap.org which is used for e.g. https://www.openstreetmap.org/ and for this help site. (08 Apr '15, 03:53) aseerel4c26 ♦ |
I raised a ticket yesterday and OSM fixed it very quickly. Thanks to OSM team. Special Thanks to Tom Hughes !
Okay, fine, thanks! There it is: https://trac.openstreetmap.org/ticket/5302
Next time, please provide cross links to such new (and old) locations.