[sword-devel] MiTM

DM Smith dmsmith at crosswire.org
Sun Sep 18 11:34:28 MST 2016


We are now using a good cert for the CrossWire server, but I don’t know if all SSL services use it yet. I’d be interested to know whether a client that has that changed from false to true would work properly. It shouldn’t allow a self-signed cert, which is what we used to do.

If it doesn’t work, then I’d have to configure SFTP to use it.

I think that we should move toward SSL by default, e.g. redirect HTTP to HTTPS, FTP to SFTP, ….

DM Smith

> On Sep 18, 2016, at 2:02 PM, Jaak Ristioja <jaak at ristioja.ee> wrote:
> 
> Looking at the source it looks more like it's used for FTP instead :)
> 
> https://github.com/bibletime/crosswire-sword-mirror/blob/trunk/src/mgr/curlhttpt.cpp
> 
> J
> 
> On 18.09.2016 20:55, Greg Hellings wrote:
>> https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
>> 
>> Is curlhttpt.c used for HTTPS? I don't have the source in front of me,
>> but that name suggests it is only for the raw HTTP connection.
>> 
>> --Greg
>> 
>> 
>> On Sep 18, 2016 12:05 PM, "DM Smith" <dmsmith at crosswire.org> wrote:
>> 
>>    I'll look into it. 
>> 
>> 
>>    On Sep 18, 2016, at 11:20 AM, Jaak Ristioja <jaak at ristioja.ee> wrote:
>> 
>>>    Hi!
>>> 
>>>    In src/mgr/curlhttpt.cpp:
>>> 
>>>       /* Disable checking host certificate */
>>>       curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, false);
>>> 
>>>    Why? Afaik this allows the use of self-signed certificates for MiTM.
>>> 
>>>    Best regards,
>>>    J
>>> 
>>>    _______________________________________________
>>>    sword-devel mailing list: sword-devel at crosswire.org
>>>    <mailto:sword-devel at crosswire.org>
>>>    http://www.crosswire.org/mailman/listinfo/sword-devel
>>>    <http://www.crosswire.org/mailman/listinfo/sword-devel>
>>>    Instructions to unsubscribe/change your settings at above page
>> 
>> 
> 
> 
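
An audit check for the setting discussed in this thread, as an added example that is not part of the original messages or of the SWORD code base: a small Python scanner that flags `curl_easy_setopt` calls turning off `CURLOPT_SSL_VERIFYPEER` and, going beyond the thread, `CURLOPT_SSL_VERIFYHOST`. The function names and the sample source are constructed for illustration; values wrapped in a cast or a macro are not resolved.

```python
import re

# Strings are matched so that "//" inside a URL literal is not taken for a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)
# curl_easy_setopt(<handle>, CURLOPT_SSL_VERIFYPEER|VERIFYHOST, <value>)
SETOPT = re.compile(
    r"curl_easy_setopt\s*\(\s*[^,]+,\s*"
    r"(CURLOPT_SSL_VERIFY(?:PEER|HOST))\s*,\s*([^)]+?)\s*\)"
)
WHY = {
    "CURLOPT_SSL_VERIFYPEER": "certificate chain is not verified",
    "CURLOPT_SSL_VERIFYHOST": "certificate name is not checked against the host",
}

def blank_comments(src):
    """Replace comments with spaces, keeping newlines so line numbers survive."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else re.sub(r"[^\n]", " ", tok)
    return TOKEN.sub(repl, src)

def find_weak_tls_options(src):
    """Return (line, option, value, reason) for each call that disables a check."""
    code = blank_comments(src)
    findings = []
    for m in SETOPT.finditer(code):
        option, raw = m.group(1), m.group(2)
        value = raw.lower().rstrip("l")  # normalise 0L -> 0
        if value in ("0", "false"):
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, option, raw, WHY[option]))
    return findings

# Constructed sample: line 2 is the call quoted in the thread, the rest is made up.
SAMPLE = '''\
/* Disable checking host certificate */
curl_easy_setopt(session, CURLOPT_SSL_VERIFYPEER, false);
// curl_easy_setopt(session, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(session, CURLOPT_URL, "https://example.org/x"); /* constructed */
curl_easy_setopt(other, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(other, CURLOPT_SSL_VERIFYHOST,
                 0L);
'''

if __name__ == "__main__":
    for line, option, raw, reason in find_weak_tls_options(SAMPLE):
        print(f"line {line}: {option} = {raw}: {reason}")
```
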
