Posted to issues@ignite.apache.org by "Andrey Mashenkov (Jira)" <ji...@apache.org> on 2021/01/21 11:17:00 UTC

[jira] [Comment Edited] (IGNITE-14004) Customized TrustManager bypasses certificate verification

    [ https://issues.apache.org/jira/browse/IGNITE-14004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17269227#comment-17269227 ] 

Andrey Mashenkov edited comment on IGNITE-14004 at 1/21/21, 11:16 AM:
----------------------------------------------------------------------

[~yaxiao],
I agree that getDisabledTrustManager() should never be used, but maybe in tests only.
 
I just thought the default certificate validation logic doesn't allow self-signed certs and we need some custom TrustManager for this purpose, am I right?
Or will just adding a self-signed certificate to the trustStore work?

I think the correct fix is
* use the default TrustManager, but allow the user to switch to some custom TrustManager by setting the TrustManager class in a system property.
* provide a safe TrustManager implementation (via public Ignite API) for self-signed certificates for easier user experience.



was (Author: amashenkov):
[~yaxiao],
I agree that getDisabledTrustManager() should never be used, but maybe in tests only.
 
I just thought the default certificate validation logic doesn't allow self-signed certs and we need some custom TrustManager for this purpose, am I right?
Or will just adding a self-signed certificate to the trustStore work?

I think the correct fix is
* use the default TrustManager, but allow the user to switch to some custom TrustManager by setting the TrustManager class in a system property.
* provide a safe TrustManager implementation for self-signed certificates for easier user experience.


> Customized TrustManager bypasses certificate verification
> ---------------------------------------------------------
>
>                 Key: IGNITE-14004
>                 URL: https://issues.apache.org/jira/browse/IGNITE-14004
>             Project: Ignite
>          Issue Type: Bug
>          Components: clients, control.sh, security
>            Reporter: Ya Xiao
>            Priority: Critical
>              Labels: security
>
> We found a security vulnerability in file [ignite/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java|https://github.com/apache/ignite/blob/be3072ff278a2542e41d008b5379473867df3814/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java]. The customized TrustManager (at Line 502) allows all certificates to pass the verification.
> *Security Impact*:
> The checkClientTrusted and checkServerTrusted methods are expected to implement the certificate validation logic. Bypassing it could allow man-in-the-middle attacks.
> *Useful Resources*:
> [https://cwe.mitre.org/data/definitions/295.html]
> [https://developer.android.com/training/articles/security-ssl|https://developer.android.com/training/articles/security-ssl#SelfSigned]
> *Solution we suggest:*
> Do not customize the TrustManager or specify the certificate validation logic instead of allowing all certificates. See [here|https://developer.android.com/training/articles/security-ssl] to securely allow self-signed certificates and other common cases.
> *Please share with us your opinions/comments if there is any:*
> Is the bug report helpful?



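The trust-store approach raised in the comment above, sketched with the JDK's default TrustManager. This is an added example, not part of the original message and not Ignite's code; the class name, the "pinned" alias and the two certificate file paths passed on the command line are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example (hypothetical class): trust one self-signed certificate, keep validation on. */
public class PinnedSelfSignedTrust {

    /** Loads an X.509 certificate (PEM or DER) from a file. */
    static X509Certificate loadCert(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /** Builds the JDK's default trust managers over a store holding only the given certificate. */
    static TrustManager[] trustManagersFor(X509Certificate trusted) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null); // empty in-memory store, no system CAs
        store.setCertificateEntry("pinned", trusted);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: the self-signed certificate to trust; args[1]: any other certificate (assumed paths).
        X509Certificate pinned = loadCert(args[0]);
        X509Certificate other = loadCert(args[1]);
        TrustManager[] tms = trustManagersFor(pinned);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null); // ctx.getSocketFactory() is what the client would use

        X509TrustManager tm = (X509TrustManager) tms[0];
        tm.checkServerTrusted(new X509Certificate[] {pinned}, "ECDHE_RSA"); // accepted: it is the trust anchor
        try {
            tm.checkServerTrusted(new X509Certificate[] {other}, "ECDHE_RSA");
            System.out.println("UNEXPECTED: unpinned certificate accepted");
        } catch (CertificateException e) {
            System.out.println("unpinned certificate rejected: " + e.getMessage());
        }
    }
}
```

Hostname verification is a separate step from this chain check and still has to be enabled on the connection.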