New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for checking the fingerprint of self-signed SSL certs #60

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
3 participants
@sinbad
Copy link

sinbad commented Mar 12, 2018

Discussed with @novabyte on Gitter, sounds like this could be useful.

I wanted to have some checking of SSL certs even though I was using a self-signed certificate, so I've added the ability to provide a list of cert fingerprints that are considered acceptable. Example usage:

        var client = new NClient.Builder(sb.ToString())
            .Host("your.host.com")
            .Port(443)
            .SSL(true)
            .SSLAcceptAllCertificates(false)
            .SSLValidKeyFingerprints(new string[] { "9E10ACEB4DD13F0FD3E187C3CBC270605EA65031" })
            .Build();

It defaults to the previous behaviour to accept all certificates so as not to break anything, although I really think the default should be the opposite at some point to encourage better security.

Hope it's useful!

Add support for checking the fingerprint of self-signed SSL certs
Defaults to previous behaviour of allowing all SSL certs, but this can now be
turned off and only specific fingerprints accepted, so that bad actors can't
perform man-in-the-middle attacks with their own certs
@MarcusRiemer

This comment has been minimized.

Copy link

MarcusRiemer commented Jun 28, 2018

Is there any ETA for this? Or any reason why this shouldn't be merged?

@novabyte

This comment has been minimized.

Copy link
Member

novabyte commented Jun 28, 2018

@MarcusRiemer Since the launch of the new client I've separated out this work into a separate commit which will be completed tomorrow. And incorporated as part of the release. 😄

@novabyte

This comment has been minimized.

Copy link
Member

novabyte commented Aug 17, 2018

This was added in the 2.1.0 release.

@novabyte novabyte closed this Aug 17, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment