SMP server fingerprint
Hello all,
I have just recently (read as of today) deployed Simplexmq server using docker on Ubuntu 20.04.
While playing around with the terminal app on Mac and the iOS app chatting back and forth with myself to test different features and gauge how responsive my hardware was, I wanted to test whether or not improperly configured credentials would cause an error to be reported in either app.
When connecting to my own docker deployed smp server correctly, everything works fine as expected. However, when I malformed the fingerprint part of the smp address (for example, smp://[email protected] where the letter E was substituted with another value) the connection still succeeded with no error message in either terminal or iOS app.
The only time I noticed there was a problem was when I would use the "/fr" command to pull in an image. At that point, the terminal app would complain about exception: HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)).
Am I missing a configuration option or a different way of building the docker image, or is this the correct operation? I was under the impression that the fingerprint part of the smp:// address was to ensure that no MITM could have somehow interjected themselves. But if I supply a completely wrong fingerprint, both clients connect and exchange messages just fine with each other, at least until file transfer.
- edit from https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md#appendix-a
During TLS handshake the client must validate that the fingerprint of the online server certificate is equal to the serverIdentity the client received as part of SMP server address; if the server identity does not match the client must abort the connection.
- edit 2
- after looking into issue #328, if the fingerprint is malformed, then the /c command does indeed fail with the same message as described above. So it seems that even though I am able to connect with the wrong fingerprint, I am unable to use the self-hosted server correctly. I still seem to believe, correct me if I am wrong, that the terminal app and iOS app should still report an error and refuse to save the SMP server address or give an error if the smp://fingerprint@fqdn has an improperly transcribed fingerprint.
Could it have been that when you created the connection your client used the server address with the correct fingerprint, and then you later restarted the chat with the wrong fingerprint?
The server address you pass to the client is only used for the new connections, the previously created connections will continue using the old address... There is a caveat though, if you create the new connection the client would update the fingerprint for the previously created connections on the same server, and it would stop working if the fingerprint is not correct.
I did indeed use the correct fingerprint on the first initial connection, then tried changing it after. If this is the case, am I correct in understanding that when a server is passed to either the terminal app or the iOS app, a connection to that server is NOT made until an invitation or personal address is created? In other words, you can supply any fingerprint you want, and you won't know it is wrong until you cause some action in the app that requires interaction with the server?
If this is the case, am I correct in understanding that when a server is passed to either the terminal app or the iOS app, a connection to that server is NOT made until an invitation or personal address is created?
this is correct
In other words, you can supply any fingerprint you want, and you won't know it is wrong until you cause some action in the app that requires interaction with the server?
indeed
(not saying that it's how it should be, but it is how it is :)
thank you @epoberezkin. IMHO, I think that if you are trying to connect to a non-default (pre-configured) smp server, either your own or a server run by someone you know, it would be nice to have at least some kind of error/warning displayed at the time the server is passed (-s option in terminal app) or when the save button is selected in iOS.
However, as I understand it now, I think that as a "feature request", it would add little in actual security or privacy, just peace of mind. Thanks for explaining this to me. I was up late last night trying to figure out how I was messaging back and forth thinking that somewhere a fall-back to a preconfigured server had occurred or something was wrong with my docker container.
thanks again
yes, I agree, we might add a separate "test connection" button maybe or indeed test connection on save.
closing as fixed in release v4.3
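The check quoted from the protocol appendix in the first post, and why a substituted character goes unnoticed until the client actually talks to the server, as an added example that is not part of the thread or the SimpleX code base. It assumes the fingerprint is a base64url-encoded SHA-256 digest of the certificate the server presents; the host name, certificate bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import urlsplit


def parse_smp_address(address):
    """Return (identity_bytes, host) for smp://<fingerprint>@<host>."""
    parts = urlsplit(address)
    fp = parts.username or ""
    if parts.scheme != "smp" or not parts.hostname:
        raise ValueError("expected smp://<fingerprint>@<host>")
    if not re.fullmatch(r"[A-Za-z0-9_-]+={0,2}", fp):
        raise ValueError("fingerprint is not base64url")
    # Assumption: the identity is a base64url-encoded SHA-256 digest.
    body = fp.rstrip("=")
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("fingerprint is not a 32-byte digest")
    return raw, parts.hostname


def well_formed(address):
    """The only check possible at save time, without contacting the server."""
    try:
        parse_smp_address(address)
    except ValueError:
        return False
    return True


def identity_matches(address, presented_cert_der):
    """Handshake-time check: digest of the presented certificate vs. address."""
    identity, _host = parse_smp_address(address)
    digest = hashlib.sha256(presented_cert_der).digest()
    return hmac.compare_digest(identity, digest)


# Constructed sample data: stand-in bytes, not a real certificate or server.
SAMPLE_CERT = b"constructed stand-in for DER certificate bytes"
_fp = base64.urlsafe_b64encode(hashlib.sha256(SAMPLE_CERT).digest()).decode()
GOOD = f"smp://{_fp}@smp.example.org"
# One character substituted, as in the report: still decodes to 32 bytes.
WRONG = f"smp://{'F' if _fp[0] == 'E' else 'E'}{_fp[1:]}@smp.example.org"
TRUNCATED = f"smp://{_fp[:20]}@smp.example.org"

if __name__ == "__main__":
    for label, addr in (("good", GOOD), ("wrong", WRONG), ("truncated", TRUNCATED)):
        print(label, well_formed(addr), well_formed(addr) and identity_matches(addr, SAMPLE_CERT))
```

A mistranscribed fingerprint passes the format check and fails only against the presented certificate, which is why testing the connection on save is the check that catches it.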