#1 2021-03-02 12:39:51

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,298
Website

Dangerous IgnoreSSLCertificateErrors defaults

THttpRequest helper methods Get, Post, Put and Delete uses a IgnoreSSLCertificateErrors=true by default in both mORMot1 & 2

This can cause a very dangerous security issues (we can retrieve some data from a fake server etc.)

I understand what for testing purpose it is useful to use a self-signed certificates etc, but it's easy to forgot to change a IgnoreSSLCertificateErrors value to true before going to production (today I found what I did it in one of my deployment)

@ab - I propose to sets it to false by default in mORMot2 (or may in introduce some ifdef DANGAROUS_SSL_ERROR_IGNORE)

Cyber security is very important in today's era

Offline

#2 2021-03-02 14:51:58

chapa
Member
Registered: 2012-04-30
Posts: 117

Re: Dangerous IgnoreSSLCertificateErrors defaults

Hi,
I would like also to be able to retrieve server certificate info. Is there a way to do so?
Having this, I can check whenever there is a proxifier and/or fiddler between the App and the Server to sniff https traffic.

Offline

#3 2021-03-02 16:59:54

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,298
Website

Re: Dangerous IgnoreSSLCertificateErrors defaults

You do not need server certificate info for this - if anybody uses MITM (replace a real server sertificate by self signed one), then server certificate will not match domain you request, so in strictSSL mode you got an error.
This not happens only in case MITM's CA certificate is injected into trusted certificates (on OS level for WinHTTP / SSL level for Curl) for your operation system - this is what Chaina done or  Kazakhstan tries to do, or Fortinet in corporate environment did

As far as I know TLS certificate info can be obtained using openssl, at last form command line you can
```
echo | openssl s_client -showcerts -servername gnupg.org -connect gnupg.org:443 2>/dev/null | openssl x509 -inform pem -noout -text
```

Last edited by mpv (2021-03-02 17:03:21)

Offline

#4 2021-03-02 18:44:49

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 13,170
Website

Re: Dangerous IgnoreSSLCertificateErrors defaults

IgnoreSSLCertificateErrors is now set to false for mORMot 2.
I didn't change it for mORMot 1 because it would break existing code.

Note that TCrtSocket has by default IgnoreSSLCertificateErrors=false for its SChannel/OpenSSL TLS layer.

Offline

#5 2021-03-02 20:06:56

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,298
Website

Re: Dangerous IgnoreSSLCertificateErrors defaults

Thanks!

Offline

#6 2021-07-19 16:24:34

danielkuettner
Member
From: Germany
Registered: 2014-08-06
Posts: 303

Re: Dangerous IgnoreSSLCertificateErrors defaults

Where can I set IgnoreSSLCertificateErrors to true for MongoClient?

Offline

#7 2021-07-21 10:43:02

danielkuettner
Member
From: Germany
Registered: 2014-08-06
Posts: 303

Re: Dangerous IgnoreSSLCertificateErrors defaults

TMongoConnection.Open were the right place, but constructor hasn't a param for it.

Offline

#8 2021-07-21 20:05:07

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 13,170
Website

Re: Dangerous IgnoreSSLCertificateErrors defaults

I have added new TMongoClient.ConnectionTlsContext and ConnectionTunnel parameters to unit mormot.db.nosql.mongodb.

It would allow to set all TLS and Proxy needed configuration, including IgnoreSSLCertificateErrors.

Offline

#9 2021-07-22 09:18:28

danielkuettner
Member
From: Germany
Registered: 2014-08-06
Posts: 303

Re: Dangerous IgnoreSSLCertificateErrors defaults

Thank you!

Offline

Board footer

Powered by FluxBB