fix: allow connection to legacy unsafe servers #484

Merged
merged 1 commit into from
Nov 23, 2023

@divdavem divdavem commented Nov 23, 2023

This PR adds the SSL_OP_LEGACY_SERVER_CONNECT flag when connecting to legacy remote servers for increased compatibility.
Note that it allows man-in-the-middle attacks, but those attacks are already possible anyway because of the rejectUnauthorized option which allows any certificate on the server. kassette is a test tool that is not designed to run in a production environment.

This PR fixes the following error that can happen when this flag is not set:

78250000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled
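
The two settings this description weighs against each other, as an added example that is not part of the PR or of kassette's code: an audit of Node.js TLS client options that flags the legacy-server-connect bit and disabled certificate verification, plus a guard that lets such options through only in a test run. The helper names, the `NODE_ENV` gating and the host name are assumptions.

```javascript
// Added example, not kassette's code. Helper names and NODE_ENV gating are assumptions.
const { constants } = require('node:crypto');

// Options of the kind the PR describes for legacy upstream servers.
function legacyUpstreamOptions(host) {
  return {
    host,
    port: 443,
    servername: host,
    rejectUnauthorized: false, // any server certificate is accepted
    // Permit servers that lack RFC 5746 secure renegotiation support.
    secureOptions: constants.SSL_OP_LEGACY_SERVER_CONNECT,
  };
}

// Report which protections a set of tls.connect()-style options turns off.
function auditTlsOptions(opts, env = process.env) {
  const findings = [];
  // secureOptions is a bitmask, so test the bit rather than compare for equality.
  if (((opts.secureOptions ?? 0) & constants.SSL_OP_LEGACY_SERVER_CONNECT) !== 0) {
    findings.push('legacy-server-connect');
  }
  // Node verifies by default; an explicit false, or NODE_TLS_REJECT_UNAUTHORIZED=0
  // with the option left unset, disables certificate verification.
  const envDisabled = env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
  if (opts.rejectUnauthorized === false ||
      (opts.rejectUnauthorized === undefined && envDisabled)) {
    findings.push('certificate-verification-disabled');
  }
  return findings;
}

// Refuse weakened options unless the process is explicitly a test run.
function requireTestOnly(opts, env = process.env) {
  const findings = auditTlsOptions(opts, env);
  if (findings.length > 0 && env.NODE_ENV !== 'test') {
    throw new Error(`weakened TLS options outside tests: ${findings.join(', ')}`);
  }
  return opts;
}

// Constructed sample input.
console.log(auditTlsOptions(legacyUpstreamOptions('legacy.example.test'), {}));
```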


codecov bot commented Nov 23, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (31510de) 91.52% compared to head (256b7d9) 91.52%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #484   +/-   ##
=======================================
  Coverage   91.52%   91.52%           
=======================================
  Files          36       36           
  Lines        1192     1192           
  Branches      268      268           
=======================================
  Hits         1091     1091           
  Misses         50       50           
  Partials       51       51           
Flag Coverage Δ
e2e 80.03% <ø> (ø)
ut 59.89% <ø> (ø)


This commit adds the SSL_OP_LEGACY_SERVER_CONNECT flag when connecting to
legacy remote servers for increased compatibility.
Note that it allows man-in-the-middle attacks, but those attacks are
already possible anyway because of the rejectUnauthorized option which
allows any certificate on the server. kassette is a test tool that is not
designed to run in a production environment.

This PR fixes the following error that can happen when this flag is not
set:

78250000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled
@divdavem divdavem changed the title fix: allow connection to unsafe servers fix: allow connection to legacy unsafe servers Nov 23, 2023
@fbasso fbasso self-requested a review November 23, 2023 13:54

@fbasso fbasso left a comment


LGTM ;)

@divdavem

@fbasso Thank you for your review!

@divdavem divdavem merged commit ce30f1d into AmadeusITGroup:master Nov 23, 2023
4 checks passed