EUDAT-B2SAFE / B2SAFE-core

B2SAFE service core code for EUDAT project

insecure SSL communication with EPIC #30

Closed bne86 closed 8 years ago

bne86 commented 9 years ago

https://github.com/EUDAT-B2SAFE/B2SAFE-core/blob/master/cmd/epicclient.py#L59

This line should be removed; for the Swift extension at [1], HTTPS worked without making it insecure.

[1] https://github.com/BeneDicere/swift-persistent-identifier/blob/master/swift_persistent_identifier/clients/epic.py

cookie33 commented 9 years ago

Hi Benedict,

What you mean is that the line 59 of the epicclient.py:

        self.http = httplib2.Http(disable_ssl_certificate_validation=True)

disables ssl certificate checking.

It still uses SSL. But the certificate is not checked.

So you would like to have it enabled by removing that line in the code?

Greetings,

Robert

bne86 commented 9 years ago

Yes. Yes, certificates should be checked; I think that is one of the ideas of it. Make sure that the connection partner is the one that we want to talk to. Otherwise no one can make sure that there is a EUDAT EPIC at the other end of the connection.

cookie33 commented 9 years ago

OK. That is clear.

The clients just have to add the correct CA to their chain to be able to authenticate the issuer of the Certificate at the server side.

bne86 commented 9 years ago

I do not think they have to do anything, because the EPIC server should deliver the chain and the root CA should be in there? On the referred Swift middleware I did not have to do anything to make it work, especially not checking the issuer.

ccacciari commented 8 years ago

Enabled the SSL certificate validation by default.
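
Added example, not part of the thread or of B2SAFE-core's own code: a static check that flags calls passing the `disable_ssl_certificate_validation=True` keyword quoted above, so the setting cannot return unnoticed in a later change. The `verify=False` entry (the `requests` equivalent) goes beyond the thread; the function names and the sample source are constructed for illustration.

```python
import ast

# Keyword arguments that switch off certificate checking, mapped to the
# constant that disables it. The first is the httplib2 flag from this issue;
# the second (requests' verify=False) is an added generalization.
INSECURE_KWARGS = {
    "disable_ssl_certificate_validation": True,
    "verify": False,
}

# Constructed sample input, modelled on the line quoted in the issue.
SAMPLE = '''
import httplib2

class EpicClient:
    def __init__(self):
        self.http = httplib2.Http(disable_ssl_certificate_validation=True)
        self.checked = httplib2.Http()
        self.explicit = httplib2.Http(disable_ssl_certificate_validation=False)
'''


def _dotted(node):
    """Render the callee as a dotted name, e.g. 'httplib2.Http'."""
    if isinstance(node, ast.Attribute):
        return _dotted(node.value) + "." + node.attr
    if isinstance(node, ast.Name):
        return node.id
    return "<expr>"


def find_disabled_tls_validation(source, filename="<string>"):
    """Return sorted (line, callee, keyword) for calls that disable validation."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg not in INSECURE_KWARGS:  # also skips **kwargs (arg is None)
                continue
            value = kw.value
            if isinstance(value, ast.Constant) and value.value is INSECURE_KWARGS[kw.arg]:
                findings.append((node.lineno, _dotted(node.func), kw.arg))
    return sorted(findings)


if __name__ == "__main__":
    for line, callee, keyword in find_disabled_tls_validation(SAMPLE):
        print(f"line {line}: {callee}(... {keyword}=...) disables certificate validation")
```

Only literal `True`/`False` values are flagged; a flag passed through a variable needs a manual review.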