<div dir="ltr"><div>Hi all,</div><div><br></div><div>This email is about a potential MITM attack, I would like to get some input on my proposed solution.<br></div><div></div><div><br></div><div><i>Disclaimer: I'm not an oslo.messaging expert or even versed in its codebase but I have a good</i></div><div><i> number of hours working with TLS already.</i></div><div><br></div><div>Back in September, there was a fix[1] in py-amqp to stop to use deprecated method ssl.wrap_socket.</div><div> Although I didn't follow anything about oslo.messaging, the PR was brought to my attention by Hervé,</div><div> another oslo core, who sees me as an SME on TLS among the oslo cores. I didn't follow the entire</div><div> conversation back then, I was only able to give some quick input, but Hervé was able to finish the PR</div><div> with the help of another developer.<br></div><div><br></div><div>Then earlier this month, another PR[2] was reintroducing a couple of parameters that got dropped in</div><div>the deprecation fix. At that point it was raised the possibility of a MITM attack in an issue[3] and by</div><div>reintroducing the dropped parameters, the problem should be fixed.</div><div><br></div><div>A couple of days went by and I started to have a hunch that there could still be more to fix. I went</div><div>to py-amqp codebase instead of just looking to the diffs on GitHub and noticed a not straightforward</div><div>logic on how verify_mode and check_hostname were being set.<br></div><div><br></div><div>Today I had time to go back to the py-amqp codebase and rework the _wrap_socket_sni() method.</div><div>I've put up this PR[4] and it is already failing in my travis[5] for integration tests which make me believe<br></div><div>that the client sockets were actually not validating the server certs.</div><div><br></div><div>There are a few more comments on the fix in the description of PR[4].<br></div><div><br></div><div>[1]: <a href="https://github.com/celery/py-amqp/pull/327">https://github.com/celery/py-amqp/pull/327</a></div><div><div>[2]: <a href="https://github.com/celery/py-amqp/pull/344">https://github.com/celery/py-amqp/pull/344</a></div>[3]: <a href="https://github.com/celery/py-amqp/issues/342">https://github.com/celery/py-amqp/issues/342</a></div><div>[4]: <a href="https://github.com/celery/py-amqp/pull/347">https://github.com/celery/py-amqp/pull/347</a></div><div>[5]: <a href="https://travis-ci.com/github/moisesguimaraes/py-amqp/builds/204747399">https://travis-ci.com/github/moisesguimaraes/py-amqp/builds/204747399</a></div><div><br></div><div>Thanks,<br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>
<p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize;font-family:"RedHatText",sans-serif">
<span>Moisés</span> <span>Guimarães</span><span style="color:rgb(170,170,170);margin:0px"></span>
</p>
<p style="font-weight:normal;font-size:12px;margin:0px;text-transform:capitalize;font-family:"RedHatText",sans-serif">
<span>Software Engineer</span>
</p>
<p style="font-weight:normal;margin:0px 0px 4px;font-size:12px;font-family:"RedHatText",sans-serif">
<a style="color:rgb(0,136,206);font-size:12px;margin:0px;text-decoration:none;font-family:"RedHatText",sans-serif" href="https://www.redhat.com" target="_blank">Red Hat <span></span></a>
</p>
<div style="margin-bottom:4px">
</div>
<p style="font-weight:normal;margin:0px;font-size:12px;font-family:"RedHatText",sans-serif">
</p>
<div style="margin-top:12px">
<table border="0">
<tbody><tr>
<td width="100px"><a href="https://red.ht/sig" target="_blank"> <img src="https://static.redhat.com/libs/redhat/brand-assets/latest/corp/logo.png" width="90" height="auto"></a> </td>
</tr>
</tbody></table>
</div>
</div></div></div></div></div></div>