Disabled SSL verification?

[marcelstoer]

I tested two SSL/TLS examples - one HTTP, one MQTT - without updating the default trust anchors and it works!

How is that possible?

Your examples use CA certs like "Baltimore CyberTrust Root" or "GlobalSign" as e.g. here https://github.com/khoih-prog/EthernetWebServer_SSL/blob/main/examples/WebClientMulti_SSL/trustanchors.h. I connected to HTTP & MQTT hosts that have certificates issued by other CAs. Yet, even without touching your default trust anchors the hand shake did not fail. I am puzzled.

[khoih-prog]

IMO, I think this is one of the intended features of using Root CA.

The modern TLS root store structure has the shape of inverted pyramid, and we have here the lowest CAs in the base

• Baltimore CyberTrust
• GlobalSign
• VeriSign

More info can be read here

1. What Are CA Certificates?
2. Certificate authority
3. Root certificate
4. X.509

X.509 certificates bind an identity to a public key using a digital signature. In the X.509 system, there are two types of certificates. 
The first is a CA certificate. The second is an end-entity certificate. A CA certificate can issue other certificates. 
The top level, self-signed CA certificate is sometimes called the Root CA certificate. 

If you have more questions, please post on Security StackExchange where there are much better experts to answer.

[marcelstoer]

Thanks for the quick reply!

Sorry if my post wasn't clear enough. I think I do understand how certificate chains work but maybe you prove me wrong 😉

Example 1

CloudMQTT documents that they use a certificate

issued by Sectigo with USERTrust RSA Certification Authority as root

That CA cert is here: https://crt.sh/?id=1199354. Hence, when I try your MQTT examples that use "Baltimore CyberTrust Root" or "GlobalSign" as trust anchors I expect the TLS handshake to fail.

Example 2

scantick.com uses Let's Encrypt which in turn is signed by "ISRG Root X1". Again, I expect making an HTTPS request against that domain with your example that has "Baltimore CyberTrust Root" as trust anchor to fail. But it works.

[marcelstoer]

I was also surprised to learn that none of your examples initialize the system time through NTP. I wondered, how can certificate verification ever succeed without current time (date actually)? I found the answer here: https://github.com/OPEnSLab-OSU/SSLClient/blob/master/README.md#time

The minimal x509 verification engine requires an accurate source of time to properly verify the creation and expiration dates of a certificate. As most embedded devices do not have a reliable source of time, by default SSLClient opts to use the compilation timestamp (__DATE__ and __TIME__) as the "current time" during the verification process. While this approach reduces the complexity of using SSLClient, it is inherently insecure, and can cause errors if certificates are redeployed (see #27): to accommodate these edge cases, SSLClient::setVerificationTime can be used to update the timestamp before connecting, resolving the above issues.

This is fine for examples and will even work "in production" for some time. It might take a couple of weeks or months until it starts failing. Hence, it's quite a GOTCHA!.

Also, I need to figure out how to set the clock with this library as my usual (ESP32) function doesn't seem to work when connected through Ethernet.

void setClock() {
  configTime(0, 0, "pool.ntp.org", "time.nist.gov");

  log_i("Waiting for NTP time sync.");
  time_t nowSecs = time(nullptr);
  Serial.println();
  while (nowSecs < 8 * 3600 * 2) {
    delay(500);
    Serial.print(F("."));
    yield();
    nowSecs = time(nullptr);
  }

  struct tm timeinfo;
  gmtime_r(&nowSecs, &timeinfo);
  log_i("Current time: %s.", asctime(&timeinfo));
}

So, thanks for the low-level UDP NTP example.

[khoih-prog]

You are a real expert now, and this discussion certainly will help many users to understand more about TLS/SSL usage.

Hereafter is a snippet of code to use TLS/SSL I did quite a long time ago

https://github.com/khoih-prog/Blynk_WM/blob/f7ec38f5d17c4a27cdcfacdefe247c264bcf3e30/src/BlynkSimpleEsp32_SSL_WM.h#L290-L335

    bool connect()
    {
      //KH
      if (this->connected())
        return true;


      // Synchronize time using SNTP. This is necessary to verify that
      // the TLS certificates offered by the server are currently valid.
      configTime(0, 0, "pool.ntp.org", "time.nist.gov");
      time_t now = time(nullptr);


      int i = 0;
      while ( (i++ < 30) && (now < 100000) ) 
      {
        delay(1000);
        now = time(nullptr);
      }


      struct tm timeinfo;
      gmtime_r(&now, &timeinfo);
      String ntpTime = asctime(&timeinfo);
      ntpTime.trim();
      BLYNK_LOG2("NTP time: ", ntpTime);
      
      this->client->setCACert(caCert);
      
      /////////////////////////////////////////
      // KH, New v1.3.0
      if (String(this->domain) == BLYNK_DEFAULT_DOMAIN)
      {
        this->client->setInsecure(); 
      }
      /////////////////////////////////////////


      if (BlynkArduinoClientGen<Client>::connect())
      {
        BLYNK_LOG1(BLYNK_F("Certificate OK"));
        return true;
      }
      else
      {
        BLYNK_LOG1(BLYNK_F("Secure connection failed"));
      }


      return false;
    }