#18 patch to automatically accept invalid certificates for https

closed-fixed
nobody
None
5
2007-04-27
2006-10-07
No

The patch adds accept_invalid_cert to the
configurable options. The default is 0, as it was
before. It's noted that enabling this is highly
insecure.
pam_mount doesn't handle that questioning for the
invalid cert at all. I wanted it for testing, as I
only have some self-signed certs on my test server ;)

Discussion

  • Werner Baumann

    Werner Baumann - 2006-10-07

    Logged In: YES
    user_id=1260327

    Hello Sebastian,

    thanks for the patch.

    Nevertheless, I have a very bad feeling with this. You may
    know my opinion about this from the README file.

    My general objection to this kind of using TLS: A useful
    tool for security is rendered useless or even becomes a
    security risk itself. There is a fine statement of Bruce
    Schneier:
    "As it is used, with the average user not bothering to
    verify the certificates exchanged and no revocation
    mechanism, SSL is just simply a (very slow) Diffie-Hellman
    key-exchange method. Digital certificates provide no actual
    security for electronic commerce; it's a complete sham."
    (Secrets & Lies, Indiana 2000, page 239).

    Although you included a strong warning in your patch, I
    believe this will not help. davfs2 would promote the habit
    of using TLS without verifying certificates and believing
    there is security where there is actually none.

    So I would prefer to leave this patch in the Patches list,
    for those who know what they do, or want to live on
    the edge, but not to include it in the package.

    I believe there are better ways to handle this:
    If you really want TLS (that includes authentication), you
    should create your own CA, create certificates and
    certificate revocation lists, deploy them and maintain and
    distribute the revocation list. This is a lot of work, but
    there is no security for free.

    If you don't need authentication, but just encryption, IPSec
    ESP would be the better choice. As far as I know, there are
    efforts to create some standard for "encryption only"
    (something like "Opportunistic Encryption" from the FreeSWAN
    project). But you can also implement it, by just using a
    simple (unsecure) preshared key for authentication, but
    include an IKE daemon (racoon) to create secure keys for
    encryption.

    Greetings
    Werner

     
  • Sebastian Reitenbach

    Logged In: YES
    user_id=59448

    Hi Werner,

    I have no problem with not including this patch, I did not
    really expect that. I fully understand your security
    concerns. When I would wrap these into #ifdef DEBUG #endif
    to only make this available for debugging sessions, would
    you include that then?
    I know, I should dig out my good old CA managing scripts
    and create my own trusted CA.

    greetings
    Sebastian

     
  • Werner Baumann

    Werner Baumann - 2007-04-07

    Logged In: YES
    user_id=1260327
    Originator: NO

    Hello Sebastian,

    release 1.2.0 of davfs2 now has support for self-made server certificates. You can store them on disk and add an option in davfs2.conf to accept this certificate for this mount.

    It is not the same as this patch, but nevertheless it may make it unnecessary. Please have a look at it. If you think this patch is still useful, it may be necessary to adapt it to the new version.

    Cheers
    Werner

     
  • Sebastian Reitenbach

    Logged In: YES
    user_id=59448
    Originator: YES

    Hi Werner,

    Thanks for adding this functionality as you described it. I have not tested it yet, but I think that it is what I need: to automatically mount the webdav drive at boot time without the need to say yes to the certificate of the server.

    Feel free to close this bug, as at least for me, I don't think I'll need it anymore.

    Sebastian

     
  • Werner Baumann

    Werner Baumann - 2007-04-27
    • status: open --> closed-fixed
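
The two approaches discussed in this thread, side by side, as an added example that is neither davfs2 code nor part of any comment above: a blanket accept_invalid_cert override versus accepting only one certificate stored on disk for the mount. The helper name `accept_server_cert`, the byte-for-byte comparison and the sample certificate bytes are assumptions made for illustration; how davfs2 1.2.0 matches the stored certificate is not described on this page.

```python
import hmac
import ssl
from typing import Optional


def accept_server_cert(chain_valid: bool, peer_der: bytes,
                       pinned_pem: Optional[str] = None,
                       accept_invalid_cert: bool = False) -> bool:
    """Decide whether a TLS connection may proceed (hypothetical helper).

    chain_valid: outcome of ordinary CA and hostname verification.
    peer_der:    certificate the server presented, DER encoded, e.g. from
                 SSLSocket.getpeercert(binary_form=True).
    pinned_pem:  PEM text of the one certificate stored for this mount.
    """
    if chain_valid:
        return True
    if pinned_pem is not None:
        pinned_der = ssl.PEM_cert_to_DER_cert(pinned_pem)
        if hmac.compare_digest(peer_der, pinned_der):
            return True  # exactly the certificate the admin stored
    # Blanket override: every failed verification is waved through.
    return accept_invalid_cert


# Constructed stand-ins for DER certificates (not real X.509 data).
SERVER_DER = b"constructed self-signed certificate of the test server"
OTHER_DER = b"constructed certificate presented by some other endpoint"
STORED_PEM = ssl.DER_cert_to_PEM_cert(SERVER_DER)  # what is kept on disk


def compare_policies() -> dict:
    """Run both policies against the expected and an unexpected certificate."""
    return {
        "override/expected": accept_server_cert(False, SERVER_DER, accept_invalid_cert=True),
        "override/unexpected": accept_server_cert(False, OTHER_DER, accept_invalid_cert=True),
        "stored/expected": accept_server_cert(False, SERVER_DER, pinned_pem=STORED_PEM),
        "stored/unexpected": accept_server_cert(False, OTHER_DER, pinned_pem=STORED_PEM),
    }


if __name__ == "__main__":
    for case, accepted in compare_policies().items():
        print(f"{case:20} accepted={accepted}")
```

Only the stored-certificate policy rejects the unexpected certificate; the override accepts both, which is the loss of authentication the maintainer objects to.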
     
