Uploaded image for project: 'Titanium SDK/CLI'
  1. Titanium SDK/CLI
  2. TIMOB-14354

Get SSL certificate owner when using ACS with Ti.Network.HTTPClient

    Details

    • Type: Bug
    • Status: Open
    • Priority: Low
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: TiAPI

      Description

      For security reason, there is a need to be sure the server is really appcelerator.com when accessing ACS. Currently, Ti.Network.HTTPClient is used to communicate to the server, and the server validation is in place as explained in this document: http://developer.appcelerator.com/blog/2012/11/the-titanium-sdk-and-certificate-validation.html

      However, the requirement is to examine the certificate owner as well. There is a possible risk, where an intermediate proxy/router might provide a different SSL certificate, which will lead to unprotected data.

      Need to ensure the endpoint serving the data was in fact the correct domain, corresponding to the name given in the SSL certificate.

        Attachments

          Activity

            People

            • Assignee:
              amukherjee Abir Mukherjee
              Reporter:
              dcassenti Davide Cassenti
            • Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:

                Backbone Issue Sync

                • Titanium SDK/CLI <> Titanium Mobile
                  Synced with:
                  TIMOB-16834
                  Sync status:
                  ERROR
                  Last received:
                  Last sent:

                  Git Integration