mirror of
https://github.com/RPCS3/discord-bot.git
synced 2026-07-19 13:54:44 -04:00
[GH-ISSUE #92] Proper certificate checks for the game update api #12
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @13xforever on GitHub (Oct 9, 2018).
Original GitHub issue: https://github.com/RPCS3/discord-bot/issues/92
Right now all certificate checks to the psn update api are ignored (see CustomTlsCertificatesHandler.cs).
I don't really like this and do want to implement a proper certificate chain validation. Unfortunately, root certificates are not public, and only redistributed through ps3 firmware update. On top of that, currently there's no way to implement dynamic chain trust check with custom root certificates via official api. The only viable solution is to check and import root certificates to the user personal certificate store on startup.
Needs more investigation.
@13xforever commented on GitHub (Mar 4, 2019):
Still not feasible.
✔ On Windows you can import certificates to the Trusted Root CA store using
X509Store❌This will ask user for confirmation for each imported certificate
❌ On Linux importing to any store doesn't affect TLS validation
❌ Setting
SSL_CERT_DIRwill treat said dir as a sole certificate store❌ Setting
SSL_CERT_FILEalone doesn't work❌setting it along with an empty
SSL_CERT_DIRworks the same way as just usingSSL_CERT_DIRProper certificate checks for the game update apito [GH-ISSUE #92] Proper certificate checks for the game update api