[
https://issues.apache.org/jira/browse/IGNITE-14004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17269227#comment-17269227
]
Andrey Mashenkov edited comment on IGNITE-14004 at 1/21/21, 11:16 AM:
----------------------------------------------------------------------
[~yaxiao],
I agree that getDisabledTrustManager() should never be used, but maybe in tests
only.
I just thought default certificate validation logic doesn't allow self-signed
certs and we need some custom TrustManager for this purpose, am I right?
Or will just adding a self-signed certificate to the trustStore work?
I think the correct fix is:
* use default TrustManager, but allow user to switch to some custom
TrustManager via setting TrustManager class in system property.
* provide safe TrustManager implementation (via public Ignite API) for
self-signed certificates for easier user experience.
was (Author: amashenkov):
[~yaxiao],
I agree that getDisabledTrustManager() should never be used, but maybe in tests
only.
I just thought default certificate validation logic doesn't allow self-signed
certs and we need some custom TrustManager for this purpose, am I right?
Or will just adding a self-signed certificate to the trustStore work?
I think the correct fix is:
* use default TrustManager, but allow user to switch to some custom
TrustManager via setting TrustManager class in system property.
* provide safe TrustManager implementation for self-signed certificates for
easier user experience.
> Customized TrustManager bypasses certificate verification
> ---------------------------------------------------------
>
> Key: IGNITE-14004
> URL: https://issues.apache.org/jira/browse/IGNITE-14004
> Project: Ignite
> Issue Type: Bug
> Components: clients, control.sh, security
> Reporter: Ya Xiao
> Priority: Critical
> Labels: security
>
> We found a security vulnerability in file
> [ignite/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java|https://github.com/apache/ignite/blob/be3072ff278a2542e41d008b5379473867df3814/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java].
> The customized TrustManager (at Line 502) allows all certificates to pass the
> verification.
> *Security Impact*:
> The checkClientTrusted and checkServerTrusted methods are expected to
> implement the certificate validation logic. Bypassing it could allow
> man-in-the-middle attacks.
> *Useful Resources*:
> [https://cwe.mitre.org/data/definitions/295.html]
> [https://developer.android.com/training/articles/security-ssl|https://developer.android.com/training/articles/security-ssl#SelfSigned]
> *Solution we suggest:*
> Do not customize the TrustManager or specify the certificate validation logic
> instead of allowing all certificates. See
> [here|https://developer.android.com/training/articles/security-ssl] to
> securely allow self-signed certificates and other common cases.
> *Please share with us your opinions/comments if there is any:*
> Is the bug report helpful?
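On the question raised in the comment (whether adding the self-signed certificate to the trust store is enough) and the issue's suggested solution, here is an added example, not Ignite code and not written by either poster. It keeps the JDK's default TrustManager and only narrows the set of trust anchors to the one self-signed certificate. The class name, method names and keystore alias are hypothetical, and the certificate file path is supplied by the caller.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SelfSignedTrust {
    /** Default (PKIX) trust managers backed by a store that holds exactly one certificate. */
    static TrustManager[] trustManagersFor(X509Certificate cert) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);                          // empty in-memory store
        ts.setCertificateEntry("self-signed", cert);  // alias is an arbitrary, hypothetical name
        // The default algorithm keeps the JDK's own validation logic;
        // no checkClientTrusted/checkServerTrusted is overridden here.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        return tmf.getTrustManagers();
    }

    /** TLS context that trusts only the given certificate. */
    static SSLContext contextFor(X509Certificate cert) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagersFor(cert), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the self-signed certificate file (PEM or DER), chosen by the caller
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        SSLContext ctx = contextFor(cert);
        // List the anchors the default trust manager will accept: only the pinned certificate.
        for (TrustManager tm : trustManagersFor(cert)) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers())
                    System.out.println("trusted anchor: " + ca.getSubjectX500Principal());
            }
        }
        System.out.println("SSLContext protocol: " + ctx.getProtocol());
    }
}
```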