Nzbget certificate has expired3/15/2023 it doesn't matter if certificate was issued to other site what matters is if the user trusts to the certificate (solving problem).If authorities create another certificate for the same host that certificate will have a different fingerprint and will be detected No one can pretend to be the news server unless he has the original server certificate. NZBGet will validate fingerprint and report an error and stop connecting if it doesn't match. News servers configuration section in NZBGet will have a new option Fingerprint which must be set by user manually, something like: Which is a certificate fingerprint check. So instead of trying to verify server certificate I could possibly implement a different approach to improve security and prevent MitM attacks. Although wouldn't it be strange (or suspicious) that some program uses a non-system root certificate store? Well, this collection comes from Mozilla and Firefox does this exact thing (uses it's own certificate collection instead of system store). MacOS has it's own certificate store too.Īn alternative could be to ship a certificate collection within NZBGet package. Windows has it's own certificate store which of course isn't in format expected by OpenSSL. A lot of confusion and this is just on Linux. Interesting reading - A note about SSL/TLS trusted certificate stores, and platforms (OpenSSL and GnuTLS). The big question is where to get that collection? To perform validation a collection of trusted root certificates is needed. Certificate validation is a difficult thing for NZBGet.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |