Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Cert processing invalid, CertificatePath and CACertificatePath keywords are nonfunctional #2190

Closed
mrapitis opened this issue May 17, 2018 · 0 comments
Closed

Cert processing invalid, CertificatePath and CACertificatePath keywords are nonfunctional #2190

mrapitis opened this issue May 17, 2018 · 0 comments
Assignees
@AKalinich-Luxoft

Comments

@mrapitis
Copy link
Contributor

Bug Report

The keywords CertificatePath and CACertificatePath in the smartDeviceLink.ini file are intended to allow the system integrator to specify both the preloaded CA certificates directory and the systems certificate file in pem file format. With the implementation of the EXTERNAL_PROPRIETARY policy mode in release 4.3.0 the keywords have (mistakenly) become nonfunctional as SDL core is always looking for a certificate via the policy table now (even though the keywords still exist in the Security Manager section of the smartDeviceLink.ini file linked below). Including the certificate in the policy table inside of the implementation of the EXTERNAL_PROPRIETARY policy mode was only intended to allow the core to periodically update its certificate on the file system -- the intent was not to remove the capability for an integrator to specify their root ca and initial module certificate.

https://github.com/smartdevicelink/sdl_core/blob/master/src/appMain/smartDeviceLink.ini#L158
https://github.com/smartdevicelink/sdl_core/blob/master/src/appMain/smartDeviceLink.ini#L168

Reproduction Steps

Clone any branch of sdl core with a release version of 4.3.0 or above. Take note of the invalid certificate processing flow (core only utilizes and processes certificates from the policy table and does not allow the integrator to specify root ca and system certificates). Also take note of the CertificatePath and CACertificatePath keywords as they are not utilized properly anymore.

Expected Behavior

SDL Core will use the CertificatePath and CACertificatePath keywords specified in the ini file allowing the system integrator to provide both a system side certificate and preloaded CA certificates where needed. SDL Core will update the system side certificate via policy table update.

Observed Behavior

SDL Core ignores both the CertificatePath and CACertificatePath keywords that would allow the system integrator to specify certificates for their environment, instead SDL Core only processes the certificate provided via the policy table.

OS & Version Information
  • OS/Version: Ubuntu 16.04
  • SDL Core Version: Release 4.5.1
  • Testing Against: Tested with WebHMI and app built with 4.5.0 Android Proxy release
@mrapitis mrapitis mentioned this issue May 17, 2018
Closed
@AKalinich-Luxoft AKalinich-Luxoft mentioned this issue May 25, 2018
Merged
1 task
This was referenced Jun 1, 2018
Merged
Merged
@dboltovskyi dboltovskyi mentioned this issue Jun 5, 2018
Merged
1 task
@jacobkeeler jacobkeeler mentioned this issue Sep 5, 2018
Merged
@GetmanetsIrina GetmanetsIrina mentioned this issue Feb 7, 2020
Merged
1 task
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@AKalinich-Luxoft AKalinich-Luxoft

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@AKalinich-Luxoft @mrapitis @Jack-Byrne