View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002756 | unreal | ircd | public | 2006-01-21 16:50 | 2007-04-27 03:44 |
| Reporter | JasonTik | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | duplicate | ||
| OS | * | OS Version | * | ||
| Product Version | 3.2.4 | ||||
| Summary | 0002756: SSL and Remote includes | ||||
| Description | [15:43:59] -bsd.cbcgonline.com- *** Notice -- error: unrealircd.conf:1: include: error downloading 'https://192.168.1.253/~ircd/Opers.conf': SSL certificate problem, verify that the CA cert is OK. Details: I dont get any details. Unreal should allow the user to decide whether a valid certificate is required to include the file. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Yeah I don't know why it does dat 'details:' thing, but.. I don't think the details are important in this case.. It clearly says it's not a trusted certificate etc :p. I won't put the option to not to check the certificate in Unreal this release, I'm even debating on wheter to ever implement it.. ;) Reason is: you make SSL near-completely useless (take a wild guess why self-signed certificates are often refered to as snakeoil certs).. You will be safe from passive attacks, but with a very simple active attack you can make the encryption completely useless and sniff all the data (and even return some kind of configfile made by the bad guy instead of the one you requested). But, there's hardly any documentation on how to properly import / add a cert, I think adding this would be a good idea, maybe some kind of small howto, who knows... ;p. I think that would be a better approach. |
|
|
Then dont prefrom any checks on the domain or whatever. And check if 1) trusted, or 2) signed by unreal's cert. Thats at least more doable. Or let me give unreal a fingerprint for a key to trust. |
|
|
Huh? Well nm... I'll just do what I have in mind (post-3.2.4).. it's probably not too far off from what you have in mind :P |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-01-21 16:50 | JasonTik | New Issue | |
| 2006-01-21 18:27 | syzop | Note Added: 0010997 | |
| 2006-01-21 20:06 | JasonTik | Note Added: 0010999 | |
| 2006-01-21 20:10 | syzop | Note Added: 0011000 | |
| 2006-01-21 20:10 | syzop | Note Edited: 0011000 | |
| 2006-01-21 20:10 | syzop | Note Edited: 0011000 | |
| 2007-04-27 03:44 |
|
Relationship added | duplicate of 0001827 |
| 2007-04-27 03:44 |
|
Duplicate ID | 0 => 1827 |
| 2007-04-27 03:44 |
|
Status | new => resolved |
| 2007-04-27 03:44 |
|
Resolution | open => duplicate |
| 2007-04-27 03:44 |
|
Assigned To | => stskeeps |
