
include ServerName in TLS configuration

Open mutantmonkey opened this issue 9 years ago • 4 comments

This is required for Go to establish a TLS connection unless InsecureSkipVerify is set.

I'm not sure if this was a recent change in Go or what; it doesn't appear to be, but perhaps I missed something. I wasn't able to get this running on my system without this change.

mutantmonkey, Jan 16 '16 20:01

I'm using Go 1.5.3.

mutantmonkey, Jan 17 '16 01:01

I see this change going into Go 1.3, but that is not a new one (and it implies that your change is needed): https://github.com/golang/go/commit/fca335e91a915b6aae536936a7694c4a2a007a60

What is the exact error message you get and what server are you connecting to?

The standard cmdline client connecting to the OWS server works for me when built against Go 1.5.3.

janimo, Jan 20 '16 09:01

I have the server set to https://textsecure-service.whispersystems.org:443. This is the output I get when I run textsecure:

DEBU[2016/01/21 22:26:51] PUT /v1/directory/tokens 200

tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config

mutantmonkey, Jan 22 '16 06:01

It seems a sensible thing to implement to me, as this is basically a (very) weak form of certificate pinning, if I understand this correctly: Does setting ServerName check the Common Name (CN) of the certificate? A better option would of course be to check the fingerprint of the TLS certificate.

timothymctim, Apr 11 '17 21:04
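The behaviour discussed in this thread can be reproduced offline with the added example below, which is not part of the issue or of the textsecure code base. It runs a client handshake through `tls.Client` against a loopback server with an empty, a matching and a non-matching `ServerName`; the `handshake` helper, the hostnames `service.example` and `other.example` and the self-signed certificate are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// handshake serves a constructed self-signed certificate for certHost on
// loopback and returns the client's handshake result for the given ServerName.
func handshake(certHost, serverName string) error {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	// The name is carried only as a SAN DNS name; the subject (and CN) is empty.
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{certHost},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client trusts exactly this certificate
	srv := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			conn.(*tls.Conn).Handshake()
			conn.Close()
		}
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	defer raw.Close()
	// tls.Client wraps an existing conn and has no dial address to take a
	// hostname from, so ServerName must be set (tls.Dial infers it).
	return tls.Client(raw, &tls.Config{RootCAs: pool, ServerName: serverName}).Handshake()
}

func main() {
	for _, name := range []string{"", "service.example", "other.example"} {
		fmt.Printf("ServerName=%q -> %v\n", name, handshake("service.example", name))
	}
}
```

The empty case fails before any bytes are sent, with the same error quoted in the thread; the non-matching case fails hostname verification even though the certificate itself is trusted.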