New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TLS/SSL certificate verification #339

Closed
hugbug opened this Issue Feb 14, 2017 · 0 comments

Comments

Projects
None yet
1 participant
@hugbug
Copy link
Member

hugbug commented Feb 14, 2017

NZBGet supports TLS/SSL for communication with news and web servers. Connections are encrypted but the implementation lacks an important step - server certificate verification. As a result the security is reduced, in particular undetectable Man-in-the-Middle attacks (MitM) are possible.

Further details can be found in discussion #332.

To improve security NZBGet should implement server certificate verification, including hostname validation.

NZBGet can be compiled with either OpenSSL or GnuTLS. Since these two libraries have different API the certificate verification in NZBGet requires two implementations.

Tasks:

  • general certificate verification when compiling with OpenSSL;
  • hostname verification when compiling with OpenSSL;
  • general certificate verification when compiling with GnuTLS;
  • hostname verification when compiling with GnuTLS;
  • integrate root certificate store file into Windows installer;
  • integrate root certificate store file into OSX installer;
  • integrate root certificate store file into Linux/FreeBSD installer;
  • optional: automatic refresh of root certificate store file during setup build;
  • write wiki page about how to deal with verification errors.

@hugbug hugbug added the feature label Feb 14, 2017

@hugbug hugbug added this to the v19 milestone Feb 14, 2017

hugbug added a commit that referenced this issue Feb 17, 2017

hugbug added a commit that referenced this issue Feb 17, 2017

hugbug added a commit that referenced this issue Feb 17, 2017

hugbug added a commit that referenced this issue Feb 18, 2017

hugbug added a commit that referenced this issue Feb 18, 2017

hugbug added a commit that referenced this issue Feb 19, 2017

hugbug added a commit that referenced this issue Feb 19, 2017

hugbug added a commit that referenced this issue Feb 20, 2017

@hugbug hugbug closed this Feb 20, 2017

hugbug added a commit to nzbget/nzbget.github.io that referenced this issue Jul 2, 2017

hugbug added a commit that referenced this issue Oct 9, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment