Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
TLS/SSL certificate verification #339
NZBGet supports TLS/SSL for communication with news and web servers. Connections are encrypted but the implementation lacks an important step - server certificate verification. As a result the security is reduced, in particular undetectable Man-in-the-Middle attacks (MitM) are possible.
Further details can be found in discussion #332.
To improve security NZBGet should implement server certificate verification, including hostname validation.
NZBGet can be compiled with either OpenSSL or GnuTLS. Since these two libraries have different API the certificate verification in NZBGet requires two implementations.