{ "id": "116373", "key": "TIMOB-14354", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [], "resolution": null, "resolutiondate": null, "created": "2013-06-24T11:45:42.000+0000", "priority": { "name": "Low", "id": "4" }, "labels": [ "SupportTeam", "engReviewed" ], "versions": [], "issuelinks": [], "assignee": { "name": "amukherjee", "key": "amukherjee", "displayName": "Abir Mukherjee", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2019-12-13T17:08:40.000+0000", "status": { "description": "The issue is open and ready for the assignee to start work on it.", "name": "Open", "id": "1", "statusCategory": { "id": 2, "key": "new", "colorName": "blue-gray", "name": "To Do" } }, "components": [ { "id": "10224", "name": "TiAPI", "description": "This component is used for cross-platform API work. Specifications are most likely to use this component." } ], "description": "For security reason, there is a need to be sure the server is really appcelerator.com when accessing ACS. Currently, Ti.Network.HTTPClient is used to communicate to the server, and the server validation is in place as explained in this document: http://developer.appcelerator.com/blog/2012/11/the-titanium-sdk-and-certificate-validation.html\r\n\r\nHowever, the requirement is to examine the certificate owner as well. There is a possible risk, where an intermediate proxy/router might provide a different SSL certificate, which will lead to unprotected data.\r\n\r\nNeed to ensure the endpoint serving the data was in fact the correct domain, corresponding to the name given in the SSL certificate.\r\n\r\n", "attachment": [], "flagged": false, "summary": "Get SSL certificate owner when using ACS with Ti.Network.HTTPClient", "creator": { "name": "dcassenti", "key": "dcassenti", "displayName": "Davide Cassenti", "active": true, "timeZone": "Europe/Berlin" }, "subtasks": [], "reporter": { "name": "dcassenti", "key": "dcassenti", "displayName": "Davide Cassenti", "active": true, "timeZone": "Europe/Berlin" }, "environment": null, "comment": { "comments": [ { "id": "259195", "author": { "name": "wkong", "key": "wkong", "displayName": "Wei Kong", "active": false, "timeZone": "America/Los_Angeles" }, "body": "check this out\n\nhttp://stackoverflow.com/questions/188266/how-are-ssl-certificates-verified\n\nIf this needs to be done, the client side probably should do something similar to how web browser does it.", "updateAuthor": { "name": "wkong", "key": "wkong", "displayName": "Wei Kong", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2013-06-24T17:45:49.000+0000", "updated": "2013-06-24T17:45:49.000+0000" }, { "id": "327068", "author": { "name": "ingo", "key": "ingo", "displayName": "Ingo Muschenetz", "active": true, "timeZone": "America/Los_Angeles" }, "body": "I believe this relates to the concept of certificate/public key pinning for which there is a module available. However, leaving this ticket open as we would need to extend this to ACS.", "updateAuthor": { "name": "ingo", "key": "ingo", "displayName": "Ingo Muschenetz", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2014-10-06T20:40:10.000+0000", "updated": "2014-10-06T20:40:10.000+0000" } ], "maxResults": 7, "total": 7, "startAt": 0 } } }