Implement certificate validation
Opened this issue · 0 comments
artem-smotrakov commented
Currently, the device doesn't validate server certificate which make it vulnerable for man-in-the-middle attacks.
From https://docs.micropython.org/en/latest/library/ussl.html
ussl.wrap_socket(sock, server_side=False, keyfile=None, certfile=None, cert_reqs=CERT_NONE, ca_certs=None)
Let's try passing ca_certs
and cert_reqs
parameters in a hope that it can turn certificate validation on.