Use https for update checks and verify hash of downloaded executable #4716

Closed
nvaccessAuto opened this Issue Dec 20, 2014 · 10 comments

Projects

None yet

2 participants

@nvaccessAuto

Reported by jteh on 2014-12-20 01:23
Now that Python 2.7.9 verifies https certificates, we should move to using https for update checks. This will prevent MITM attacks for update checks. We should also include a hash for the executable in the update check response and verify it once downloaded to prevent MITM attacks for the download itself.

This requires changes in both NVDA and the server.
Blocked by #4715
Blocking #4803

@nvaccessAuto

Comment 1 by jteh on 2015-01-12 09:16
Server changes are done.

@nvaccessAuto

Comment 2 by James Teh <jamie@... on 2015-01-13 07:47
In [9bc81f7]:

Merge branch 't4716' into next

Incubates #4716.

Changes:
Added labels: incubating

@nvaccessAuto

Comment 3 by leonarddr on 2015-01-14 08:08
Currently, NVDA next-11478,349a1b9 reports an error when checking for updates.
DEBUGWARNING - updateCheck.UpdateChecker._bg (09:06:08): Error checking for update Traceback (most recent call last): File "updateCheck.pyc", line 103, in _bg File "updateCheck.pyc", line 70, in checkForUpdate File "urllib.pyc", line 87, in urlopen File "urllib.pyc", line 213, in open File "urllib.pyc", line 443, in open_https File "httplib.pyc", line 997, in endheaders File "httplib.pyc", line 850, in _send_output File "httplib.pyc", line 812, in send File "httplib.pyc", line 1216, in connect File "ssl.pyc", line 350, in wrap_socket File "ssl.pyc", line 566, in __init__ File "ssl.pyc", line 788, in do_handshake IOError: [socket error](Errno) [CERTIFICATE_VERIFY_FAILED](SSL:) certificate verify failed (_ssl.c:581)

@nvaccessAuto

Comment 5 by nvdakor on 2015-01-14 18:14
Hi,
A number of people are reporting that after next.11478, certificate validation fails when trying to retrieve an update and snapshot page itself doesn't show newer updates.
Thanks.

@nvaccessAuto

Comment 6 by nvdakor on 2015-01-15 01:26
Hi,
It appears that custom certificate might be sitting somewhere. Google searches point out that if you use custom certificates, Python 2.7.9's SSL module will throw the IOError described in #4803.
Pages of interest:

@nvaccessAuto

Comment 7 by jteh (in reply to comment 6) on 2015-01-15 03:07
Replying to nvdakor:

It appears that custom certificate might be sitting somewhere.

Thanks for the research. The issues you mentioned relate to a custom certificate location on Unix or self-signed certificates. Neither of these is the case here. However, the lack of intermediate certificates on our server as discussed in #4803 could be the problem. I've fixed this now, so I'm awaiting feedback on #4803.

@nvaccessAuto

Comment 8 by James Teh <jamie@... on 2015-01-16 07:11
In [5950250]:

Merge branch 't4716' into next

Incubates #4716. Fixes #4803.

@nvaccessAuto

Comment 9 by James Teh <jamie@... on 2015-01-16 07:59
In [32fcf6a]:

Merge branch 't4716' into next

Incubates #4716.

@nvaccessAuto

Comment 10 by James Teh <jamie@... on 2015-01-30 05:25
In [447fadb]:

Downloading of NVDA updates is now more secure. (Specifically, the update information is retrieved via https and the hash of the file is verified after it is downloaded.)

Fixes #4716.

Changes:
Removed labels: incubating
State: closed

@nvaccessAuto

Comment 11 by jteh on 2015-01-30 05:26
Changes:
Milestone changed from None to 2015.1

@jcsteh jcsteh was assigned by nvaccessAuto Nov 10, 2015
@nvaccessAuto nvaccessAuto added this to the 2015.1 milestone Nov 10, 2015
@jcsteh jcsteh added a commit that referenced this issue Nov 23, 2015
@jcsteh jcsteh Downloading of NVDA updates is now more secure. (Specifically, the up…
…date information is retrieved via https and the hash of the file is verified after it is downloaded.)

Fixes #4716.
447fadb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment