Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Teeracle: SendWithCertificateVerification behaviour should be more roboust #1267

Closed
OverOrion opened this issue Mar 31, 2023 · 1 comment · Fixed by #1342
Closed

Teeracle: SendWithCertificateVerification behaviour should be more roboust #1267

OverOrion opened this issue Mar 31, 2023 · 1 comment · Fixed by #1342

Comments

@OverOrion
Copy link
Contributor

Coingecko changed their certificate (authority) for their API endpoint from Let's encrypt #1162 and now it seems they changed it back, resulting in fetching failure.

Our current solution relies on that we pass a single root_cert not a collection of trusted root certificates, which in cases like this causes problems, because for a fix to be applied a rebuld / redeployment is needed.
I can see why it was implemented like this, but because this is a 3rd party we should not rely on the fact they will never change their certificate (authority).

Proposed solutions:

  1. Use the default trusted store of the http_req library, mimicking what a browser would do
  2. Add the option to specify a custom trusted store for SendWithCertificateVerification so it could handle a collection of certificates, instead of just one.
@OverOrion OverOrion mentioned this issue Apr 3, 2023
Merged
@OverOrion OverOrion mentioned this issue Jun 5, 2023
Merged
@OverOrion
Copy link
Contributor Author

Currently the CI fails because of coingecko changing their certificate once again:
https://github.com/integritee-network/worker/actions/runs/5155951839/jobs/9319706548

A hotfix has been submitted, but a long-term solution will be implemented as well.

@OverOrion OverOrion mentioned this issue Jun 5, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Teeracle: add support for multiple root certificates integritee-network/worker
1 participant
@OverOrion