hiredis
hiredis copied to clipboard
TLS: Validate the hostname of the server certificate
Avoid MITM attacks by checking whether the server's certificate contains the server's hostname.
Currently this works only with OpenSSL 1.1.0 or newer.
Hi, thanks for the PR!
The code looks fine to me. The only question I have is whether users are going to want to make the check optional (as opposed to always happening with OpenSSL >= 1.1.0 when they specify server_name
).
Is the problem that SSL_set_tlsext_host_name
doesn't by itself actually do any hostname validation?
@yossigo Any thoughts?
Is the problem that
SSL_set_tlsext_host_name
doesn't by itself actually do any hostname validation?
Yes, it only sets the SNI hostname. This name is not used to validate the server certificate.
@mkauf Thanks for this PR for raising this issue in the first place!
Technically this is a breaking change because anyone who's using SNI but don't have compatible certs would experience connection errors. As hiredis 1.0.0 was just released I think we may be okay with that, but would like to raise two points:
- I think we need an option to disable name checks, even if SNI is used. I'd consider something like
redisSSLContextSetOptions(ctx, REDIS_SSL_NO_HOSTNAME_CHECK)
; - OpenSSL 1.0.x is still widely used and we'd want hiredis to behave the same way on both versions.
@michael-grunder Does this make sense to you?