Question:
We need an example of code for downloading a page or a file over the HTTPS protocol with authentication, that is, so that it would be impossible to wedge into the session and forge a response. The whole thing will be in Delphi 7, but C code will also work; you can use WinAPI (Win7+) and/or the OpenSSL DLL.
Answer:
It will be enough to make an additional check of the public key of the server.
The point is that the client is aware that there is no stranger on the server side, because the task of a MITM is to replace, for the client, the public key with which the client encrypts the pre-master secret.
If you know the private key of the server in advance, then MITM is no longer frightening for you, because you can easily check whether the public key received from the server side corresponds to your previously known private key.
This is easy to do if you take an arbitrary string, encode it with a public key, and decode it with a private one (known to you in advance). If you don't get the original string, you can signal a MITM attack to the user and take appropriate action.
I do not provide the code, because the solution is too specific and, in my opinion, requires some kind of ready-made infrastructure, which I don’t have right now. Perhaps later, when there is time and opportunity for this.
But if you provide your code or API that can monitor SSL for you, in particular, the Server Certificate package, then I will give the minimum algorithm for working with OpenSSL.
In most cases, the private key will not be available to you. This is logical: it is "private" precisely in order to guarantee the safety of the dialogue only, and not of the entire chain of intermediaries involved, one way or another, in the "conversation".
So I'll give you another good option, the so-called certificate authority.
In this configuration, for certificate authentication, the server owner issues a root certificate (CA)¹ to its users. The essence of this protection is that any server certificate is signed with a digital signature that can be verified by this CA.
Of course, OpenSSL also has an API for such a case, but I have not yet encountered the need for such a check, so I won't give you code yet, but it can easily be googled using the keywords openssl api verify ca.
An easier option is to use openssl directly:
$ openssl verify -verbose -CAfile cacert.pem server.crt
server.crt: OK
but this will require client-side openssl binaries to be installed.
¹ The CA certificate is transferred to the client in any available way, for example: sent by mail, or made available to the public on the owner's website, or installed in the certificate store on the client side through the installer. There are a lot of options; the main thing is that it be available to the client at the time of establishing a connection with the server.
Since the answer fell victim to moderator arbitrariness, and someone carefully cut all my comments out into the chat, leaving only the "correct" ones, here are the main points of my answer:
- This is my second answer, mutilated by the moderator. My first answer was given to explain how the private key protects against MITM (and the moderator thoughtlessly merged this answer with the second one). My second answer was given to show a technique designed specifically to prevent MITM.
- Discussion about the wrong actions of the moderator on the meta.
- Discussion on a similar question from the general meta (thanks to @Sasha Chernykh for the information)
- I hope that the common sense of the community members will win over the unskilled behavior of the administration.
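The CA check described in the answer, as an added example that is not part of the original post: a root CA and two server certificates are generated locally, and the answer's openssl verify command accepts the certificate signed by the owner's CA and rejects one with the same name signed by an unknown CA. The names (Owner Root CA, Unknown CA, server.example) and all file names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Every key, name and file here is constructed locally.

# make_ca PREFIX CN: self-signed root CA -> PREFIX.key, PREFIX.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# issue_cert CA_PREFIX OUT_PREFIX CN: server cert for CN signed by that CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

# check_server CAFILE CERT: exit 0 only if CERT chains to the CA the client
# was given in advance (the same command as in the answer).
check_server() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: the genuine certificate must pass, and a certificate carrying the same
# CN but signed by an unknown CA (what an interceptor would present) must fail.
demo() {
    d=$(mktemp -d) || return 2
    make_ca "$d/owner" "Owner Root CA" &&
    make_ca "$d/other" "Unknown CA" &&
    issue_cert "$d/owner" "$d/real" "server.example" &&
    issue_cert "$d/other" "$d/fake" "server.example" || { rm -rf "$d"; return 2; }
    rc=0
    check_server "$d/owner.pem" "$d/real.crt" || rc=1
    if check_server "$d/owner.pem" "$d/fake.crt"; then rc=1; fi
    rm -rf "$d"
    return $rc
}

if demo; then echo "genuine: OK, substituted: rejected"; else echo "check failed"; fi
```

openssl verify validates only the chain of signatures; a client making a real connection must also check that the certificate's name matches the host it connected to.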