[GH-ISSUE #92] Proper certificate checks for the game update api #12

Closed
opened 2026-02-15 15:54:43 -05:00 by yindo · 1 comment
Owner

Originally created by @13xforever on GitHub (Oct 9, 2018).
Original GitHub issue: https://github.com/RPCS3/discord-bot/issues/92

Right now all certificate checks to the psn update api are ignored (see CustomTlsCertificatesHandler.cs).

I don't really like this and do want to implement a proper certificate chain validation. Unfortunately, root certificates are not public, and only redistributed through ps3 firmware update. On top of that, currently there's no way to implement dynamic chain trust check with custom root certificates via official api. The only viable solution is to check and import root certificates to the user personal certificate store on startup.

Needs more investigation.

Originally created by @13xforever on GitHub (Oct 9, 2018). Original GitHub issue: https://github.com/RPCS3/discord-bot/issues/92 Right now all certificate checks to the psn update api are ignored (see [CustomTlsCertificatesHandler.cs](../blob/master/Clients/PsnClient/CustomTlsCertificatesHandler.cs)). I don't really like this and do want to implement a proper certificate chain validation. Unfortunately, root certificates are not public, and only redistributed through ps3 firmware update. On top of that, currently there's no way to implement dynamic chain trust check with custom root certificates via official api. The only viable solution is to check and import root certificates to the user personal certificate store on startup. Needs more investigation.
yindo added the enhancementhelp wanted labels 2026-02-15 15:54:43 -05:00
yindo closed this issue 2026-02-15 15:54:43 -05:00
Author
Owner

@13xforever commented on GitHub (Mar 4, 2019):

Still not feasible.
✔ On Windows you can import certificates to the Trusted Root CA store using X509Store
This will ask user for confirmation for each imported certificate

On Linux importing to any store doesn't affect TLS validation
Setting SSL_CERT_DIR will treat said dir as a sole certificate store
Setting SSL_CERT_FILE alone doesn't work
setting it along with an empty SSL_CERT_DIR works the same way as just using SSL_CERT_DIR

@13xforever commented on GitHub (Mar 4, 2019): Still not feasible. ✔ On Windows you can import certificates to the Trusted Root CA store using `X509Store` ❌This will ask user for confirmation for each imported certificate ❌ On Linux importing to any store doesn't affect TLS validation ❌ Setting `SSL_CERT_DIR` will treat said dir as a **sole** certificate store ❌ Setting `SSL_CERT_FILE` alone doesn't work ❌setting it along with an empty `SSL_CERT_DIR` works the same way as just using `SSL_CERT_DIR`
yindo changed title from Proper certificate checks for the game update api to [GH-ISSUE #92] Proper certificate checks for the game update api 2026-06-05 15:24:51 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: RPCS3/discord-bot#12