fix: enable TLS certificate verification in FileTransporter #97
Open
alessandro-bitetto wants to merge 2 commits into
Conversation
The cURL-based file transporter disabled peer certificate verification on Linux (CURLOPT_SSL_VERIFYPEER, 0L) for both downloads and uploads, based on the outdated premise that "Linux doesn't have root certificates". Modern distributions ship a system CA bundle, so this only served to make every HTTPS transfer vulnerable to man-in-the-middle attacks — including uploads that can carry document data.

Enable full verification explicitly (VERIFYPEER + VERIFYHOST) at both call sites so the secure default is documented and cannot be silently reintroduced. Platforms without a default CA bundle should configure one via CURLOPT_CAINFO/CURLOPT_CAPATH rather than disabling verification.

Signed-off-by: Alessandro Bitetto <alessandro.bitetto@qodesrl.com>
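The policy the commit describes, written out as an added example that is not the project's code: Python's standard-library ssl module is used instead of libcurl so the example runs without a C toolchain or network access. The mapping between ssl settings and the CURLOPT_* options named in the commit is an analogy drawn here; the empty PEM file used to model "a platform with no CA bundle" is constructed, and the exception name TrustStoreUnavailable is hypothetical.

```python
"""Added example, not the project's code: the TLS policy from this PR expressed
with Python's standard-library ssl module so it runs without libcurl.

Rough mapping to the libcurl options named in the PR (an analogy, not an API):
  check_hostname=False + verify_mode=CERT_NONE   ~  CURLOPT_SSL_VERIFYPEER, 0L
  verify_mode=CERT_REQUIRED                      ~  CURLOPT_SSL_VERIFYPEER, 1L
  check_hostname=True                            ~  CURLOPT_SSL_VERIFYHOST, 2L
  load_verify_locations(cafile=/capath=)         ~  CURLOPT_CAINFO / CURLOPT_CAPATH
"""
import os
import ssl
import tempfile
from typing import Dict, List, Optional


class TrustStoreUnavailable(RuntimeError):
    """Hypothetical name: raised when verification is wanted but no trust anchors load."""


def insecure_context() -> ssl.SSLContext:
    """The 'before' state: peer and hostname checks switched off. Any certificate,
    including one presented by an on-path attacker, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile: Optional[str] = None, capath: Optional[str] = None) -> ssl.SSLContext:
    """The 'after' state: verification on, trust anchors supplied explicitly (the
    CAINFO/CAPATH route) or taken from the system bundle. A missing bundle fails
    fast here instead of degrading to CERT_NONE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED   # already the TLS_CLIENT default; set explicitly
    ctx.check_hostname = True             # so the secure setting is visible at the call site
    try:
        if cafile or capath:
            ctx.load_verify_locations(cafile=cafile, capath=capath)
        else:
            ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    except (ssl.SSLError, OSError) as exc:
        raise TrustStoreUnavailable(f"could not load CA certificates: {exc}") from exc
    # OpenSSL reads capath directories lazily, so the certificate count below only
    # reflects cafile and default-bundle loading.
    if not capath and ctx.cert_store_stats()["x509"] == 0:
        raise TrustStoreUnavailable(
            "no CA certificates available; configure cafile/capath instead of disabling verification")
    return ctx


def audit(ctx: ssl.SSLContext) -> List[str]:
    """Report the settings this PR removes; usable from a unit test or a startup check."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate verification disabled (VERIFYPEER=0 equivalent)")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled (VERIFYHOST=0 equivalent)")
    return findings


def demo() -> Dict[str, object]:
    """Run the three cases offline. Constructed input: an empty PEM file stands in
    for a platform with no CA bundle; an empty capath directory stands in for an
    operator-supplied trust directory."""
    results: Dict[str, object] = {"before": audit(insecure_context())}
    with tempfile.TemporaryDirectory() as d:
        empty_bundle = os.path.join(d, "empty-bundle.pem")
        open(empty_bundle, "w").close()
        try:
            verified_context(cafile=empty_bundle)
            results["empty_bundle_fails_fast"] = False
        except TrustStoreUnavailable:
            results["empty_bundle_fails_fast"] = True
        results["after"] = audit(verified_context(capath=d))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the fail-fast branch is the one the commit makes about platforms without a bundle: a request that cannot be verified should error out visibly, and the remedy is to supply trust anchors, not to clear the verification flags.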
1ddb5e6 to 9a86ca2
Summary

The cURL-based file transporter (Common/Network/FileTransporter/src/FileTransporter_curl.cpp) disabled TLS peer certificate verification on Linux (CURLOPT_SSL_VERIFYPEER, 0L) for both downloads (DownloadData) and uploads (UploadData). The original comment justified it with "Linux doesn't have root certificates built into the system". That premise is no longer true: every mainstream distribution ships a system CA bundle (e.g. /etc/ssl/certs). The only effect of the bypass was to make all HTTPS transfers vulnerable to man-in-the-middle attacks — including uploads, which can carry document data.

Changes

- Removed the #if defined(__linux__) blocks that set CURLOPT_SSL_VERIFYPEER, 0L at both call sites.
- Set CURLOPT_SSL_VERIFYPEER, 1L and CURLOPT_SSL_VERIFYHOST, 2L explicitly, so the secure default is documented in-place and cannot be silently reintroduced.

Notes / compatibility

- Platforms without a default CA bundle should point libcurl at one via CURLOPT_CAINFO/CURLOPT_CAPATH, not disable verification. On such targets, affected HTTPS requests will now fail fast instead of proceeding insecurely.
- The --no-check-certificate wget fallback in transport_external.h is left untouched: it is gated to OLD_MACOS_SYSTEM and outside the Linux code path.
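The description's goal that the bypass "cannot be silently reintroduced" is something a build step can enforce. The scanner below is an added example, not part of the project or its CI: it flags the libcurl option values the PR removes, plus the wget/curl CLI flags that disable certificate checks (the --no-check-certificate fallback mentioned above would be reported, which is intended, so the OLD_MACOS_SYSTEM gate stays a conscious exception). The before/after source samples are constructed to resemble the change as the description states it; they are not copied from FileTransporter_curl.cpp.

```python
"""Added example, not the project's code: a source scanner that fails a build when
TLS verification is switched off again, covering the libcurl options named in
this PR and the CLI flags of external transports. Commented-out occurrences are
reported too; that is deliberate, so a reviewer sees them."""
import re
import sys
from typing import List, NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    text: str


# Each rule: a human-readable name and the pattern that indicates verification is off.
RULES = [
    ("libcurl peer verification disabled",
     re.compile(r"CURLOPT_SSL_VERIFYPEER\s*,\s*(?:0L?|false|FALSE)\b")),
    ("libcurl hostname verification disabled",
     re.compile(r"CURLOPT_SSL_VERIFYHOST\s*,\s*(?:0L?|false|FALSE)\b")),
    ("CLI certificate check disabled (wget/curl)",
     re.compile(r"--no-check-certificate\b|(?<![\w-])(?:-k|--insecure)\b")),
]


def scan_source(text: str, path: str = "<memory>") -> List[Finding]:
    """Return every line of `text` that matches one of RULES, in file order
    (one Finding per matching rule per line)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(path, lineno, rule, line.strip()))
    return findings


def scan_files(paths: List[str]) -> List[Finding]:
    """Scan each file on disk and concatenate the findings."""
    out: List[Finding] = []
    for p in paths:
        with open(p, encoding="utf-8", errors="replace") as fh:
            out.extend(scan_source(fh.read(), p))
    return out


# Constructed samples modelled on the PR description; not the real file contents.
SAMPLE_BEFORE = """\
curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
#if defined(__linux__)
    // Linux doesn't have root certificates built into the system
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
#endif
"""

SAMPLE_AFTER = """\
curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
"""


if __name__ == "__main__":
    # With file arguments: behave like a CI gate (exit 1 on any finding).
    # Without arguments: show the constructed before/after samples.
    if len(sys.argv) > 1:
        hits = scan_files(sys.argv[1:])
        for f in hits:
            print(f"{f.path}:{f.line}: {f.rule}: {f.text}")
        sys.exit(1 if hits else 0)
    for name, src in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, [(f.line, f.rule) for f in scan_source(src)])
```

Run it over the transporter sources in CI (for example `python scan.py Common/Network/FileTransporter/src/*.cpp`) and the job fails on the "before" pattern while passing the explicit 1L/2L settings; a legitimately gated exception such as the OLD_MACOS_SYSTEM fallback then has to be allow-listed on purpose rather than slipping through.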