chirpstack / chirpstack-gateway-bridge

ChirpStack Gateway Bridge abstracts Packet Forwarder protocols into Protobuf or JSON over MQTT.
https://www.chirpstack.io
MIT License

New Azure IoT root CAs #178

Closed jburhenn closed 3 years ago

jburhenn commented 3 years ago

Summary

According to this Microsoft announcement, they are updating TLS certs on their servers. It looks like the chirpstack-gateway-bridge doesn't require any changes for now, but they seem to suggest pinning a couple of new roots in addition to the Baltimore Root CA in order to prevent possible future issues.

To continue without disruption due to this change, Microsoft recommends that client applications or devices pin the Baltimore root:

Baltimore Root CA (Thumbprint: d4de20d05e66fc53fe1a50882c78db2852cae474)

To prevent future disruption, client applications or devices should also pin the following roots:

Microsoft RSA Root Certificate Authority 2017 (Thumbprint: 73a5e64a3bff8316ff0edccc618a906e4eae4d74)
Digicert Global Root G2 (Thumbprint: df3c24f9bfd666761b268073fe06d1cc8d4f82a4)

What is the use-case?

Future proofing Azure IoT connections.

Implementation description

Simplest implementation would be to add the new certs to the certpool in azure_iot_hub.go.

Can you implement this by yourself and make a pull request?

Yes.
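
One way to guard the cert pool described in the issue above, as an added example that is not the project's code and not part of the original thread: load a PEM bundle into an `x509.CertPool` only when every certificate's SHA-1 thumbprint is one of the three quoted values and none of them is missing. The names `AzureRoots`, `Thumbprint`, `PinnedPool` and `ConstructedRoot` are hypothetical, and the sample certificate is generated at run time rather than being a real root.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)
var AzureRoots = map[string]string{ // SHA-1 thumbprints quoted in the issue
	"d4de20d05e66fc53fe1a50882c78db2852cae474": "Baltimore Root CA",
	"73a5e64a3bff8316ff0edccc618a906e4eae4d74": "Microsoft RSA Root Certificate Authority 2017",
	"df3c24f9bfd666761b268073fe06d1cc8d4f82a4": "Digicert Global Root G2",
}
func Thumbprint(der []byte) string { return fmt.Sprintf("%x", sha1.Sum(der)) } // hex SHA-1 of the DER
// PinnedPool (hypothetical helper) fails closed unless the bundle holds exactly the allowed roots.
func PinnedPool(bundle []byte, allowed map[string]string) (*x509.CertPool, error) {
	pool, seen := x509.NewCertPool(), map[string]bool{}
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		tp := Thumbprint(b.Bytes)
		cert, err := x509.ParseCertificate(b.Bytes)
		if _, ok := allowed[tp]; err != nil || !ok {
			return nil, fmt.Errorf("rejected %s: pinned=%t parseErr=%v", tp, ok, err)
		}
		pool.AddCert(cert)
		seen[tp] = true
	}
	if len(seen) != len(allowed) {
		return nil, fmt.Errorf("bundle has %d of %d pinned roots", len(seen), len(allowed))
	}
	return pool, nil
}
func ConstructedRoot(cn string) ([]byte, string, error) { // throwaway self-signed cert, not a real root
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // fixed demo key
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
	if err != nil {
		return nil, "", err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), Thumbprint(der), nil
}
func main() {
	bundle, tp, err := ConstructedRoot("constructed-root")
	_, pinErr := PinnedPool(bundle, AzureRoots) // refused: tp is not one of the three
	fmt.Println(tp, err, pinErr)
}
```

With the three real root certificates concatenated into one PEM bundle, `PinnedPool(bundle, AzureRoots)` returns a pool that can be assigned to `tls.Config.RootCAs`.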

brocaar commented 3 years ago

If you could make a PR for this, that would be much appreciated :)