
Opened 5 years ago

Closed 2 years ago

#131 closed task (fixed)

Add SSL certificate authentication support

Reported by: damato
Owned by:
Priority: normal
Milestone: YAM 2.8
Component: MIME handling
Version:
Severity: major
Keywords:
Cc:
OS Platform:
Blocked By:
Blocking: 130
Release Notes:

Description (last modified by damato)

Currently, SSL certificates through SSL connections aren't verified. This may be considered a security flaw as it allows man-in-the-middle attacks to be initiated due to unverified certificates. However, data on the way is still encrypted and secured between the connection partners.

But for a really secure SSL implementation/use, YAM should strongly consider providing functionality to carry common root certificates and to always verify that the certificate of the connection partner is valid and matches the host the user wants to connect to. However, this requires introducing a certification management GUI and allowing users to install their own certificates. Quite a straightforward task where AmiSSL already allows the certification verification to be done automatically.

Attachments (0)

Change History (4)

comment:1 Changed 45 years ago by damato

  • Blocking 130 added

comment:1 Changed 5 years ago by damato

  • Status changed from new to accepted

comment:2 Changed 4 years ago by damato

  • Description modified (diff)
  • Milestone changed from YAM 2.7 to YAM 2.8

comment:4 Changed 2 years ago by damato

  • Resolution set to fixed
  • Status changed from accepted to closed

(In [6057]) * tcp/ssl.c, tcp/Connection.c, misc: completely reworked the SSL connection
handling and moved all SSL related stuff into tcp/ssl.c. Now the random number
seed will be checked right before creating a secure connection. Also the
SSL connection setup has been updated to common sense. More important, YAM
will now check the validity of the SSL certificate during connection according
to common rules. In case an SSL certificate can not be verified a warning
requester will be presented to the user allowing to accept the certificate
once, permanently or simply reject the connection attempt. By permanently
accepting an SSL certificate YAM will store the fingerprint and the failures
bitmask in the YAM configuration so that for the next connection YAM will
not ask the user again until the validation results are different next
time. By having implemented full SSL certificate verification support YAM
makes a big leap forward regarding connection security. This closes #131.
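
The accept-once / accept-permanently / reject behaviour described in the commit message above, as an added example that is not YAM's own code. The failure bit values, the in-memory store and the function names are assumptions made for illustration, and the fingerprints are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical failure bits; the page does not show YAM's real bitmask. */
#define CERT_SELF_SIGNED 0x1u
#define CERT_EXPIRED     0x2u

enum decision { ACCEPT, ASK_USER };
enum answer { ACCEPT_ONCE, ACCEPT_PERMANENT, REJECT };

/* One permanently accepted certificate, as it would sit in the config. */
struct pinned { char fingerprint[65]; unsigned failures; };
#define MAX_PINNED 8
static struct pinned store[MAX_PINNED];
static int store_len;

/* Decide whether the connection may proceed without asking the user. */
enum decision check_cert(const char *fp, unsigned failures)
{
    if (failures == 0u)
        return ACCEPT; /* verification succeeded */
    for (int i = 0; i < store_len; i++)
        if (strcmp(store[i].fingerprint, fp) == 0)
            /* silent only if the failures are exactly the accepted ones */
            return store[i].failures == failures ? ACCEPT : ASK_USER;
    return ASK_USER;
}

/* Apply the requester answer; returns 1 if the connection may continue. */
int apply_answer(const char *fp, unsigned failures, enum answer a)
{
    int i;
    if (a == REJECT) return 0;
    if (a == ACCEPT_ONCE) return 1; /* nothing is stored */
    for (i = 0; i < store_len; i++)
        if (strcmp(store[i].fingerprint, fp) == 0) break;
    if (i == MAX_PINNED) return 1; /* store full: behaves like accept once */
    if (i == store_len) store_len++;
    snprintf(store[i].fingerprint, sizeof store[i].fingerprint, "%s", fp);
    store[i].failures = failures; /* overwrite an older mask for this cert */
    return 1;
}

int main(void)
{
    const char *fp = "constructed-fp-main"; /* constructed sample value */
    apply_answer(fp, CERT_SELF_SIGNED, ACCEPT_PERMANENT);
    printf("same failures: %s\n", check_cert(fp, CERT_SELF_SIGNED) == ACCEPT ? "accept" : "ask");
    printf("new failure: %s\n", check_cert(fp, CERT_SELF_SIGNED | CERT_EXPIRED) == ACCEPT ? "accept" : "ask");
    return 0;
}
```

Comparing the stored mask for equality rather than as a subset means any change in the validation result, including a different certificate with its own fingerprint, brings the requester back.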

This list contains all users that will be notified about changes made to this ticket.

These roles will be notified: Reporter, Owner, Subscriber

  • Jens Maus(Reporter, Participant)