search

brocaar / chirpstack-application-server

ChirpStack Application Server is an open-source LoRaWAN application-server.
https://www.chirpstack.io
MIT License
498 stars 325 forks source link

Skip SSL verification InfluxDB integration #469

Open kjetilmjos opened 4 years ago

kjetilmjos commented 4 years ago

What happened?

When enabling the InfluxDB integration with self signed certificates I get an error. I run all services in docker containers.

What did you expect?

Having a checkbox to enable skip SSL verification when setting up the InfluxDB integration.

Steps to reproduce this issue

Steps:

  1. Set up InfluxDB with self signed certificate.
  2. Enable the InfluxDB integration.

Could you share your log output?

Had to remove SSL on the DB so lost the log messages.

Your Environment

Component Version
Application Server 3.10.0
Network Server 3.9.0
Gateway Bridge 3.8.0
Chirpstack API
Geolocation 3.3.1
Concentratord
brocaar commented 4 years ago

I'm not sure if this would be a useful feature. When you skip the TLS certificate validation it means that you do not validate if the endpoint you are trying to connect to is really then endpoint you think you are connecting to. While technically all data between the client and DB is encrypted, a MITM can still identify itself as the DB with its own (self-signed) certificate and decrypt your data.

kjetilmjos commented 4 years ago

I can see the safety part of it. I encountered the issue where I have some databases configured with a self signed certificate running in a closed network. I guess SSL is really not necessary when running in a closed network but sometimes it's nice to be hide the information going to the database even if you have control on the network.