[sword-devel] Self signed certs during module install [was: SWORD 1.8.0RC3]

Jaak Ristioja jaak at ristioja.ee
Mon Jul 10 04:16:18 MST 2017

On 26.06.2017 12:38, Troy A. Griffitts wrote:
> I'm certainly willing to add a compile flag to enable/disable
> self-signed certs.  I'm also willing to make this a runtime option for
> the client of the library.

Beware that the user prompt you added to utilities/installmgr.cpp in SVN
3485 ("Added configurable parameter in InstallMgr.conf,
UnverifiedPeerAllowed=true|false") is rather insecure:

    cout << "Would you like to allow unverified peers? [yes] ";

    char prompt[10];
    fgets(prompt, 9, stdin);
    allowed = (strcmp(prompt, "no\n"));
    cout << "\n";

If the user types "No", "NO" or " no" or "no " the variable allowed gets
set to true. I'd use something like !strcmp(prompt, "YES\n") instead to
be on the safer side. To be even more safe, only "YES" or "NO" should be
allowed as valid inputs, and if the user enters something else, the
prompt should be retried instead.

Additionally, if the user enters a long string, only part of it is
consumed by fgets and the rest is left in the input buffer (to be
consumed by some next fgets call?).

Best regards,

PS: I think you can pass size 10 instead of 9 to fgets.
PPS: Please consider using an enum instead of a bool for such variables.
They usually have the same size anyway, because enums usually have
sizeof(int) and so do bools on most platforms. As opposed to
ALLOW_UNVERIFIED_TLS_PEERS); stuff like createBasicConfig(true, false,
false); is really cryptic, and the reader must jump through an extra
hoop to understand the exact semantics of such function calls.
PPPS: I'm not going to merge that into Sword++.

More information about the sword-devel mailing list