Verify self-signed certificates with provided certificate #79

evstep · 2019-03-14T08:24:38Z

It's possible to have in MQTTExplorer such option like in MQTTBox, select self-signed certificates?

thomasnordquist · 2019-03-19T17:08:32Z

Hmm, I see why this is important.

Unsecure workarounds, for the time being, could be to:

uncheck "Validate Certificate" (man-in-the-middle attack is possible, but encryption itself works)
Add self-signed certificate to "Trusted Certificates" (other SSL connections may be vulnerable if someone else knows the certificates secret)

It appears that this is technically possible with the tls.connect option options.ca.
https://nodejs.org/api/tls.html#tls_tls_connect_options_callback

I'm fairly certain that I'll add this security feature in the near future.

thomasnordquist · 2019-03-19T17:27:23Z

What platform (operating system) are you using.
I'll try to fix it today and make a beta-release so you may test it if you like.

evstep · 2019-03-25T09:32:27Z

@thomasnordquist sorry for delay, Ubuntu 18.04

thomasnordquist · 2019-03-26T15:15:31Z

I prepared a beta AppImage release.

You'll find the certificate option in the advanced settings.

thomasnordquist · 2019-04-03T15:59:54Z

No comment probably means the test was successful (or not).
Since I've also tested the feature, I close this issue.

Will be part of the next release.

thomasnordquist changed the title ~~Self signed certificates~~ Verify self-signed certificates with provided certificate Mar 19, 2019

thomasnordquist added the Priority label Mar 19, 2019

thomasnordquist closed this as completed Apr 3, 2019

ioolkos mentioned this issue Apr 28, 2021

I can't be sure if the TLS certificates work vernemq/vernemq#1785

Closed

Provide feedback