artem-smotrakov/esp32-weather-google-sheets

Implement certificate validation

Opened this issue · 0 comments

Currently, the device doesn't validate server certificate which make it vulnerable for man-in-the-middle attacks.

From https://docs.micropython.org/en/latest/library/ussl.html

ussl.wrap_socket(sock, server_side=False, keyfile=None, certfile=None, cert_reqs=CERT_NONE, ca_certs=None)

Let's try passing ca_certs and cert_reqs parameters in a hope that it can turn certificate validation on.