before explaining my scenario … the direct question :
is there a bundle of certification autorithy (CA) certificates in net mf or in the GHI ad hoc firmwares ?
Why this question ? Read following …
I’m working on a project with AMQP protocol (instead of HTTP REST APIs) and Microsoft Azure Service Bus (queues, topics and event hubs) using the AMQP.Net Lite library (http://amqpnetlite.codeplex.com).
The Service Bus needs an SSL/TLS based connection for sending and receiving messages but I see that this connection is established in a very simple way … and it seems without any check !
The library uses the following code to execute authentication …
sslSocket.AuthenticateAsClient( address.Host, null, noVerification ? SslVerification.NoVerification : SslVerification.VerifyPeer, SslProtocols.Default);
The parameters are …
- the host name of service bus namespace (ex. “myservice.servicebus.windows.net”)
- null is the client certificate (in this way we don’t want client authentication)
- noVerification is false at runtime, so the parameter is VerifyPeer
- usage of default SSL protocol
Now … during the SSL handshake, the server sends its certificate (inside a chain with two other CA certificate) and the client needs to verify it. To do that, the client needs a CA certificate so that with its public key it can verify the signature of the server certificate just received.
The AuthenticateAsClient method used in the library doesn’t have a collection of X509 certificates as CA certificates (there is another overload with this parameter but not the version used in the library).
So, why the authentication works fine !??
I think that there are two possibilities :
- the method doesn’t execute any check … and it could be a very big problem ! Thanks to SSL I encrypt my data but without server authentication I don’t know if I’m talking with the right server I trust !
- the netmf or GHI firmwares have a CA certificates bundle onboard (like our PCs)
Another strange behavior is that after established TCP connection with the right hostname, if I change at runtime the hostname parameter for AuthenticateAsClient (ex. from “myservice.servicebus.windows.net” to “helloworld”) … the verification works !!! There isn’t any check on the hostname in the server certificate !
It seems to be a big security issue … or I’m wrong because I can’t see in the right direction ?
Using my M2Mqtt library, I have always used the AuthenticateAsClient overload that takes CA certificate to be sure to verify the server certificate (MQTT broker).