Remove default cert approval callback in PKIClient #4809
Merged
Previously the `PKIClient` class had a default cert approval callback which would only warn the user if it receives a cert with a `BAD_CERT_DOMAIN` but still allow it, or ask the user whether to trust an `UNTRUSTED_ISSUER`. On the client side (e.g. CLI, console) this is fine since the user is actively interacting with the application, but on the server side (e.g. authenticators) there are no users constantly monitoring the logs, so the cert verification needs to be more stringent.

To resolve the issue, the default cert approval callback in `PKIClient` has been removed such that certs with `BAD_CERT_DOMAIN` or `UNTRUSTED_ISSUER` will automatically be rejected. On the server side `PKIClient` will be used without a cert approval callback. On the client side it will be used with an interactive callback.

Previously some of the ACME tests were using the default issuer URL, which contains the `localhost.localdomain` hostname, so it actually generated `BAD_CERT_DOMAIN` errors. They have been updated to use the proper CA hostname.
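The fail-closed pattern this PR adopts, shown as an added Python illustration (not the project's own `PKIClient` code): a verifier that reports the two problem classes named above, the old warn-and-allow/prompt behaviour beside the new one, and a client that rejects outright when no approval callback is configured. The status names come from the PR text; the class and function names, the `prompt` injection point and the sample hostnames `pki.example.com` / `localhost.localdomain` pairing are assumptions for the example.

```python
# Added illustration of the fail-closed cert approval pattern described above.
# Example code, not the project's PKIClient; status names follow the PR text,
# everything else (ExamplePKIClient, cert_problems, hostnames) is assumed.
import logging
from enum import Enum
from typing import Callable, List, Optional

logger = logging.getLogger("pki.client.example")


class CertStatus(Enum):
    BAD_CERT_DOMAIN = "BAD_CERT_DOMAIN"    # hostname does not match the cert
    UNTRUSTED_ISSUER = "UNTRUSTED_ISSUER"  # issuer is not in the trust store


class CertApprovalError(Exception):
    """Raised when a cert is rejected; the connection must not proceed."""


# Callback signature: (subject, status) -> True to accept the cert anyway.
ApprovalCallback = Callable[[str, CertStatus], bool]


def cert_problems(cert_hostnames: List[str], expected_hostname: str,
                  issuer_trusted: bool) -> List[CertStatus]:
    """Toy verifier: report the two problem classes the PR talks about."""
    problems = []
    if expected_hostname not in cert_hostnames:
        problems.append(CertStatus.BAD_CERT_DOMAIN)
    if not issuer_trusted:
        problems.append(CertStatus.UNTRUSTED_ISSUER)
    return problems


def legacy_default_callback(subject: str, status: CertStatus,
                            prompt: Callable[[str], str] = input) -> bool:
    """Behaviour the PR removes: warn-and-allow on BAD_CERT_DOMAIN, prompt on
    UNTRUSTED_ISSUER. Unattended, the warning lands in a log nobody reads."""
    if status is CertStatus.BAD_CERT_DOMAIN:
        logger.warning("%s: %s, accepting anyway", subject, status.value)
        return True
    answer = prompt("Trust cert with untrusted issuer for %s? [y/N] " % subject)
    return answer.strip().lower() == "y"


def make_interactive_callback(prompt: Callable[[str], str] = input) -> ApprovalCallback:
    """Client-side (CLI/console) callback: every problem is put to the user."""
    def callback(subject: str, status: CertStatus) -> bool:
        answer = prompt("%s: %s. Trust it? [y/N] " % (subject, status.value))
        return answer.strip().lower() == "y"
    return callback


class ExamplePKIClient:
    """Without a callback (server side) any problem is a hard rejection."""

    def __init__(self, approval_callback: Optional[ApprovalCallback] = None):
        self.approval_callback = approval_callback

    def verify(self, subject: str, problems: List[CertStatus]) -> bool:
        for status in problems:
            if self.approval_callback is None:
                # Fail closed: there is no user to ask, so log and reject.
                logger.error("%s: %s, rejecting", subject, status.value)
                raise CertApprovalError("%s: %s" % (subject, status.value))
            if not self.approval_callback(subject, status):
                raise CertApprovalError("%s: %s declined" % (subject, status.value))
        return True


def accepts(client: ExamplePKIClient, subject: str, problems: List[CertStatus]) -> bool:
    """Turn the raise/return outcome of verify() into a plain bool."""
    try:
        return client.verify(subject, problems)
    except CertApprovalError:
        return False


if __name__ == "__main__":
    # Constructed sample: the CA cert names localhost.localdomain but the client
    # connected to the CA's real hostname (assumed here to be pki.example.com).
    probs = cert_problems(["localhost.localdomain"], "pki.example.com", issuer_trusted=True)
    print("server side, no callback:", accepts(ExamplePKIClient(), "pki.example.com", probs))
    cli = ExamplePKIClient(make_interactive_callback(prompt=lambda _: "y"))
    print("client side, user answers y:", accepts(cli, "pki.example.com", probs))
```

The `prompt` parameter exists only so the interactive path can be exercised without a terminal; in a real CLI it stays at the default `input`. The point to check in a deployment is the server-side path: with no callback wired in, a cert issued for `localhost.localdomain` but presented on another hostname is rejected instead of producing a warning that nobody is watching.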