Validate SSL Certs in XMLRPC Client Library #49

Closed
choksi81 opened this issue May 24, 2014 · 2 comments
@choksi81
Contributor

The SeattleGENI XMLRPC Client Library (https://seattle.cs.washington.edu/wiki/SeattleGeniClientLib) currently talks to our XMLRPC frontend server over HTTPS (SSL), but does not validate or check the server's SSL certificate. This is very insecure, as it allows for man-in-the-middle attacks via self-signed certs.

A possible solution would be to use a 3rd-party package, such as M2Crypto, to handle SSL certificate checking. Or, Python 2.6+ also supports SSL cert verification. The tricky part will be finding where SSL root certs exist on the system, in order to verify the cert chain.

@choksi81 choksi81 self-assigned this May 24, 2014
@choksi81
Contributor Author

Author: jsamuel
I'm taking over all seattlegeni tickets for now.

@choksi81
Contributor Author

Author: jsamuel
Fixed in r3127. Add support for using M2Crypto.
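
Added example, not part of the issue thread and not the r3127 fix or the SeattleGENI client library's code: a sketch of the check the issue asks for, using the Python 3 standard library instead of M2Crypto. The function names and the `example.invalid` URL are assumptions made for illustration.

```python
import ssl
import xmlrpc.client
from urllib.parse import urlparse


def trust_store_locations():
    """Where this Python/OpenSSL build looks for root certs (the 'tricky part')."""
    paths = ssl.get_default_verify_paths()
    return {"cafile": paths.cafile, "capath": paths.capath,
            "env_cafile": paths.openssl_cafile_env,
            "env_capath": paths.openssl_capath_env}


def verifying_context(cafile=None):
    """Context that validates the chain and the hostname.

    With cafile=None the system trust store is loaded; pass a PEM bundle
    to pin a private CA instead.
    """
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)


def unverified_context():
    """The behaviour the issue describes: encrypted, but the peer is unauthenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_problems(ctx):
    """Return the reasons a context would accept a man-in-the-middle cert."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not matched against the certificate")
    return problems


def make_proxy(url, cafile=None):
    """Build an XML-RPC proxy that only talks to an authenticated HTTPS server."""
    if urlparse(url).scheme != "https":
        raise ValueError("refusing non-HTTPS XML-RPC endpoint: %r" % url)
    ctx = verifying_context(cafile)
    problems = context_problems(ctx)
    if problems:
        raise RuntimeError("; ".join(problems))
    # No connection is opened here; verification happens on the first call.
    return xmlrpc.client.ServerProxy(url, context=ctx)
```

With this context, a call through the proxy to a server presenting a self-signed or mismatched certificate fails with `ssl.SSLCertVerificationError` instead of completing.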
