From: Jens Alfke
To: user@couchdb.apache.org
Date: Tue, 1 Nov 2011 09:46:47 -0700
Subject: Re: How to enable SSL cert verification?
On Nov 1, 2011, at 9:06 AM, I wrote:

> Having just gotten SSL working in Couchbase Mobile for iOS, I'm looking at the Erlang SSL API trying to figure out how to get it to properly validate server certs*.

Jan kindly pointed me at issue COUCHDB-878*, which includes a patch that adds config options to turn on cert verification and provide a root cert. This doesn't appear to have been committed even though the bug's been open for more than a year. Why not? As the description points out, this is a significant security hole:

> Description: "When doing an SSL replication, CouchDB does not check the certificate chain. This renders the SSL support absolutely useless since an attacker who is in the position of doing man-in-the-middle attacks can send an invalid certificate and gets all my data (push replication)."

I wouldn't say it's _absolutely_ useless, as data is still hidden from anyone but the remote peer; but it's true that you have no assurance that the remote peer is who you think it is. :-p

I haven't read the patch, but it doesn't sound as though it's enough for general use, if it indeed only lets you specify one root cert (not a list of them). Even with a full root-cert list there would still be issues like keeping that list up to date (remember all those CA compromises in just the last few months?), and lack of support for cert revocation (CRL or OCSP). The best solution would be a hook into a NIF that integrated with the OS's underlying native security library.

—Jens

* https://issues.apache.org/jira/browse/COUCHDB-878
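As an added illustration (not code from this thread, from the COUCHDB-878 patch, or from CouchDB itself), the Erlang/OTP ssl options that make a client actually validate the server's chain, beside the unverified handshake the thread describes. The CA bundle path and the installed OTP release are assumptions; the option names are the ssl module's own.

```erlang
%% Added illustration, not code from this thread or from CouchDB:
%% an Erlang/OTP ssl client that validates the server's certificate
%% chain, beside the unverified variant the thread complains about.
-module(ssl_verify_example).
-export([connect_unverified/2, connect_verified/3]).

%% The behaviour described in COUCHDB-878: with verify_none any
%% certificate is accepted, so a peer in a man-in-the-middle position
%% can present an invalid cert and the handshake still succeeds.
connect_unverified(Host, Port) ->
    {ok, _} = application:ensure_all_started(ssl),
    ssl:connect(Host, Port, [{verify, verify_none}, {active, false}], 5000).

%% Verified variant. CaBundle (assumed path) is a PEM file that may hold
%% many trusted roots, so a whole list of CAs, not just one root, can be
%% trusted at the ssl-module level. Host must be a hostname string, not
%% an IP tuple, for server_name_indication to apply.
connect_verified(Host, Port, CaBundle) ->
    {ok, _} = application:ensure_all_started(ssl),
    Opts = [{verify, verify_peer},
            {cacertfile, CaBundle},
            %% Longest chain accepted: leaf plus up to 3 intermediates.
            {depth, 3},
            %% On OTP 20 and later (assumption about the installed
            %% release) this also turns on the hostname check against
            %% the certificate's subject alt names; the 2011-era OTP the
            %% thread was written against did no hostname matching.
            {server_name_indication, Host},
            {active, false}],
    case ssl:connect(Host, Port, Opts, 5000) of
        {ok, Socket} ->
            {ok, Socket};
        {error, Reason} ->
            %% A chain that does not lead to a root in CaBundle surfaces
            %% here as {tls_alert, _}. Treat it as fatal; never fall back
            %% to a verify_none retry, which would recreate the hole.
            {error, Reason}
    end.
```

Revocation (CRL/OCSP), which the thread also raises, is not addressed by these options alone; the chain check only establishes that the presented certificate links to a trusted root.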