Does validating self-signed certificates yourself prevent man-in-the-middle attacks ?

[EricLVertiGIS]

Hi, I'm not sure how HttpClientHandler validates the server's SSL certificate so I wanted to check with the community. Say I have a server with a self-signed / untrusted certificate. If I try to make a request to that server, in HttpClientHandler's ServerCertificateCustomValidationCallback , the errors parameter will indicate that there was an error verifying the server's SSL certificate.

ServerCertificateCustomValidationCallback also has a cert parameter. If I check the cert parameter against the server's cert downloaded onto my device, does that ensure my client is talking to the correct server ?

From my understanding, the X509Certificate2 cert argument is just the server's public key, so checking my downloaded cert against the public key doesn't work because someone can spoof the public key. Or does the X509Certificate2 format or HttpClientHandler prevent this.

In Chrome, you can import a .crt file so that Chrome will trust that certificate, how can I do that for HttpClients (without having to add the certificate to my device's Trusted Root Authority store) ?

[bartonjs]

https://datatracker.ietf.org/doc/html/rfc8446#section-2 has a diagram of the handshake messages.

The server presents its certificate in the Certificate part of the server handshake messages, and then follows that with CertificateVerify, which is a signature of the handshake (as they've written it) using the private key belonging to the certificate.

If the client can't verify the signature from CertificateVerify, the handshake fails before your callback is called (it's not recoverable).

So, by the time you see the callback, the certificate in cert is a) the certificate the server presented as their identity, and b) they've proven possession of the private key.

If your self-signed cert is permitted to mismatch the hostname, then a callback like return cert != null && cert.RawDataMemory.Span.SequenceEquals(s_selfSigned); is valid. If you care that the hostname portion checked out, you need to pay attention to that bit in the SslPolicyErrors enum, and if you want "my self-signed cert or an already trusted cert", then it'd be even more complicated.

So,

so checking my downloaded cert against the public key doesn't work because someone can spoof the public key. Or does the X509Certificate2 format or HttpClientHandler prevent this.

If your self-signed cert is public (e.g. checked into a repository), then, sure, anyone can use it. But if you're the only one who has access to the private key, then the CertificateVerify message means you don't have to worry about that.

In Chrome, you can import a .crt file so that Chrome will trust that certificate, how can I do that for HttpClients (without having to add the certificate to my device's Trusted Root Authority store) ?

private static HttpClient OpenHttpClient()
{
    SocketsHttpHandler handler = new();
    handler.SslOptions.CertificateChainPolicy = new X509ChainPolicy()
    {
        // Use "now" as of when the chain is being checked, not "now" as of the time of this ctor.
        VerificationTimeIgnored = true,
        // Only trust the certs I say to trust
        TrustMode = X509ChainTrustMode.CustomRootTrust,
        // Trust these certs.
        CustomTrustStore = { s_selfSignedCert, },

        // It still has to be a TLS-Server cert
        ApplicationPolicy = { new Oid("1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.1"), },
    };

    return new HttpClient(handler);
}

That's not 100% the same, since it replaces the trust list for the HttpClient, there's no "system trust plus these other certs".

[Clockwork-Muse]

@EricLVertiGIS - note that if your desire to not install this root is to prevent it from being used to sign other sites, there are ways to mark root certificates as only valid for a certain set of domains (requires the root cert to be created that way, though, not something you can do on their behalf).

[EricLVertiGIS]

@bartonjs Thank you, I learned a lot.

[uniasnunes3324-sketch]

Ariu Arfr RLF Wkn Hko Oizrw Hog Onw Gllwe
Xcs i Hwgn ggrrz

[uniasnunes3324-sketch]

Hwzcgg