[EMAIL PROTECTED] wrote:
> We need rudimentary SSL support in the pkg client for our upcoming
> release. This set of changes adds basic SSL support to the client and fixes
> a bunch of other bugs I created in my last few putbacks.
>
> Webrev is available here:
>
> http://cr.opensolaris.org/~johansen/pkg-sslcli/

In the man page diffs I saw:

294 + Although HTTPS servers may validate client SSL certificates, the 295 + client does not currently validate the server's.

That pretty much defeats the main reason for doing SSL from the client's view. The whole point is you need to know that the server you are connecting to is who you expect to be and the way to do that with SSL is to verify the presented certificate against your local trust anchors (this is what your browser does).

If you don't have the client verifying the server's certificate then you haven't protected against Man in the Middle attacks (which is one of the main reasons for using SSL in the first place) and you get little benefit from using SSL from the client's view.

It turns out that this weakness isn't in your code but in the underlying Python module. I think sadly that this means in the longer term a move to a better HTTP library is going to be needed. The client needs a set of trust anchors to verify against and the Python httplib API doesn't even provide a way to specify that.

On the other hand it is really really nice to see support for client side certs being provided. Out of scope for this codereview but by the time this integrates into Solaris we ideally want to have the client key stored in a PKCS#11 accessible keystore (see encrypt(1), pktool(1) etc).

I wouldn't TCR in an ARC review but I would consider a TCA.

--
Darren J Moffat
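An added example, not part of the original message or the pkg code base: the server authentication the review asks for, written against the `ssl` and `http.client` modules of current Python (the successor to the httplib discussed above), which do accept trust anchors. The function names are hypothetical; the check reports each way a client context would fail to authenticate the server.

```python
import http.client
import ssl


def server_auth_gaps(ctx):
    """List the reasons this context would not authenticate an HTTPS server."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        gaps.append("certificate is not matched against the requested host")
    # Only certificates already loaded into the store are counted here;
    # a capath directory is read on demand and does not show up.
    if ctx.cert_store_stats()["x509_ca"] == 0:
        gaps.append("no trust anchors loaded")
    return gaps


def make_client_context(ca_file=None, cert_file=None, key_file=None):
    """Verifying client context with an optional client certificate."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and host name checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # explicit trust anchors
    else:
        ctx.load_default_certs()                   # system trust store
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def unverified_context():
    """The behaviour the man page text describes: server not validated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def connect(host, ctx, port=443):
    """Refuse to build a connection object from a non-verifying context."""
    gaps = server_auth_gaps(ctx)
    if gaps:
        raise ValueError("refusing to connect: " + "; ".join(gaps))
    # No network traffic happens until a request is issued.
    return http.client.HTTPSConnection(host, port, context=ctx)
```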
