Implement SSL certificates in the iQueryable branch #8

Closed
matteobortolazzo opened this issue Mar 25, 2019 · 7 comments

Comments

@matteobortolazzo
Owner

Hi @borigas

if you have free time, can you help me with the SSL cert?
It's something I'm not familiar with so I don't know what to copy and how to test it.

Thank you :)

@borigas
Collaborator

borigas commented Mar 25, 2019

Sure. Anything specific?

Here's the official docs on how to configure SSL for the CouchDb server. If you use a certificate that passes the default validation (trusted cert, machine name matches, valid dates, etc), everything should just work over SSL. But if your cert fails the default validation (self-signed cert like in their instructions, machine name doesn't match, expired, etc), HttpClient won't allow the connection. One way around that is configuring Flurl to do custom certificate validation at the app level as mentioned in #4.

FlurlHttp.ConfigureClient(serverUri.ToString(), c =>
{
    c.Settings.HttpClientFactory = new CustomCertClientFactory();
});

public class CustomCertClientFactory : DefaultHttpClientFactory
{
    public override HttpMessageHandler CreateMessageHandler()
    {
        return new HttpClientHandler()
        {
            ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
            {
                // TODO Implement actual cert validation
                return true;
            }
        };
    }
}

@matteobortolazzo
Owner Author

So, with this code it will always validate the certificate?
Is it safe?

@matteobortolazzo
Owner Author

Sorry, stupid question; it's up to the user to use a valid certificate.
Thank you!

@borigas
Collaborator

borigas commented Mar 25, 2019

Exactly, this code will always accept any cert presented, so it's not safe. As it sits in my above code snippet, the SSL would provide encryption, but not validate that the server is who you expect. It's up to the user to implement cert validation at that TODO to decide whether it will accept the certificate.
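
An added example, not part of the original thread or the project's code: one way to fill in the TODO from the snippet above is to pin the expected self-signed certificate instead of returning `true`. `PinnedCertClientFactory` and its `pinnedSha256Hex` parameter are hypothetical names, and tolerating only chain-trust errors is an assumed policy.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Flurl.Http.Configuration;

// Hypothetical class: accepts one known server certificate, identified by SHA-256.
public class PinnedCertClientFactory : DefaultHttpClientFactory
{
    private readonly string _pinnedSha256Hex;

    // pinnedSha256Hex: hex SHA-256 of the server certificate (DER bytes),
    // obtained out of band from the server operator (assumption).
    public PinnedCertClientFactory(string pinnedSha256Hex)
    {
        _pinnedSha256Hex = pinnedSha256Hex ?? throw new ArgumentNullException(nameof(pinnedSha256Hex));
    }

    public override HttpMessageHandler CreateMessageHandler()
    {
        return new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = Validate
        };
    }

    private bool Validate(HttpRequestMessage request, X509Certificate2 cert,
                          X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass default validation need no exception.
        if (errors == SslPolicyErrors.None) return true;

        // Tolerate only an untrusted chain (the self-signed case). A missing
        // certificate or a host name mismatch is still rejected.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        // A chain error can also hide an expired certificate, so check the dates
        // explicitly. NotBefore/NotAfter are expressed in local time.
        DateTime now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter) return false;

        // Accept only the exact certificate that was pinned.
        using (SHA256 sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
            return string.Equals(actual, _pinnedSha256Hex, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

It is wired in the same way as the factory in the snippet above, by assigning an instance to `c.Settings.HttpClientFactory`; the pin has to be updated whenever the server certificate is replaced.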

@matteobortolazzo
Owner Author

matteobortolazzo commented Mar 25, 2019

I'll add an "IgnoreCertificateValidation" and a "ConfigureCertificateValidation(func)" so the user can decide what to do.

@matteobortolazzo
Owner Author

@borigas
The iQueryable should be almost ready for release if you want to test something or if you have any suggestions.

@matteobortolazzo
Owner Author

var client = new CouchClient(
    "http://localhost:5984", s => s
        .ConfigureCookieAuthentication("root", "relax")
        .IgnoreCertificateValidation()
   );
