Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for checking the fingerprint of self-signed SSL certs #60

Closed
wants to merge 1 commit into from

Conversation

sinbad
Copy link

@sinbad sinbad commented Mar 12, 2018

Discussed with @novabyte on Gitter, sounds like this could be useful.

I wanted to have some checking of SSL certs even though I was using a self-signed certificate, so I've added the ability to provide a list of cert fingerprints that are considered acceptable. Example usage:

        var client = new NClient.Builder(sb.ToString())
            .Host("your.host.com")
            .Port(443)
            .SSL(true)
            .SSLAcceptAllCertificates(false)
            .SSLValidKeyFingerprints(new string[] { "9E10ACEB4DD13F0FD3E187C3CBC270605EA65031" })
            .Build();

It defaults to the previous behaviour to accept all certificates so as not to break anything, although I really think the default should be the opposite at some point to encourage better security.

Hope it's useful!

Defaults to previous behaviour of allowing all SSL certs, but this can now be
turned off and only specific fingerprints accepted, so that bad actors can't
perform man-in-the-middle attacks with their own certs
@MarcusRiemer
Copy link

Is there any ETA for this? Or any reason why this shouldn't be merged?

@novabyte
Copy link
Member

@MarcusRiemer Since the launch of the new client I've separated out this work into a separate commit which will be completed tomorrow. And incorporated as part of the release. 😄

@novabyte
Copy link
Member

This was added in the 2.1.0 release.

@novabyte novabyte closed this Aug 17, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants