richzw/appstore

No validation of leaf certificate

Closed this issue · 3 comments

Hey, I believe that your code is not validating the first certificate in the chain, and therefore anyone can send a fake server-to-server notification and get it validated. See more details in the comment I left on Stack Overflow.

Happy to provide more info if needed!

Yes, you are right. To ensure the integrity of the certificate chain, it is necessary to verify the leaf certificate. I overlooked this point at the time. I could fix it later, or you are welcome to submit a PR. @Guillembonet
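The check the two comments above describe, as an added example in Go (this is not the richzw/appstore library's own code): the `x5c` header of a signed notification is decoded leaf-first, every certificate is parsed, and the leaf is then verified through the intermediates to a trusted root with `crypto/x509`, so the key that signs the payload is itself vouched for. The certificate hierarchy here is generated in memory and is constructed for the example; in production the root pool would hold Apple's published root, and the function name `verifyX5cChain` is this example's own.

```go
package main

// Added example, not code from richzw/appstore. The CA hierarchy below is
// constructed at runtime purely to exercise the check; a real verifier loads
// the vendor's published root certificate into the roots pool instead.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// verifyX5cChain takes a JWS x5c header (base64 DER certificates, leaf first,
// per RFC 7515) and returns the leaf only if it chains to one of roots through
// the certificates that follow it. The leaf's public key must not be used to
// check the JWS signature before this succeeds.
func verifyX5cChain(x5c []string, roots *x509.CertPool) (*x509.Certificate, error) {
	if len(x5c) == 0 {
		return nil, errors.New("x5c header is empty")
	}
	certs := make([]*x509.Certificate, 0, len(x5c))
	for i, b64 := range x5c {
		der, err := base64.StdEncoding.DecodeString(b64)
		if err != nil {
			return nil, fmt.Errorf("x5c[%d]: invalid base64: %w", i, err)
		}
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, fmt.Errorf("x5c[%d]: invalid certificate: %w", i, err)
		}
		certs = append(certs, cert)
	}
	intermediates := x509.NewCertPool()
	for _, cert := range certs[1:] {
		intermediates.AddCert(cert)
	}
	// Verify starts at certs[0], the leaf, and checks each signature, validity
	// period and CA constraint on the way to a trusted root. Verifying only
	// certs[1:] would leave the leaf, whose key signs the payload, unchecked.
	if _, err := certs[0].Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: intermediates,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}); err != nil {
		return nil, fmt.Errorf("leaf does not chain to a trusted root: %w", err)
	}
	return certs[0], nil
}

// certTemplate builds a minimal template for the constructed hierarchy.
func certTemplate(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	return t
}

// mustIssue signs template with parentKey (self-signed when parent is nil).
// It is a test fixture for constructed data, so it panics on failure.
func mustIssue(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, parentKey = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// constructedChains returns two x5c headers that share the genuine intermediate
// and root: one whose leaf was issued by that intermediate, and one whose leaf
// was issued by an unrelated CA. A verifier that skips the leaf accepts both.
func constructedChains() (goodX5c, rogueX5c []string, roots *x509.CertPool) {
	root, rootKey := mustIssue(certTemplate("Constructed Root CA", 1, true), nil, nil)
	inter, interKey := mustIssue(certTemplate("Constructed Intermediate CA", 2, true), root, rootKey)
	leaf, _ := mustIssue(certTemplate("Constructed Leaf", 3, false), inter, interKey)
	otherCA, otherKey := mustIssue(certTemplate("Unrelated CA", 4, true), nil, nil)
	rogueLeaf, _ := mustIssue(certTemplate("Rogue Leaf", 5, false), otherCA, otherKey)

	roots = x509.NewCertPool()
	roots.AddCert(root)
	enc := func(c *x509.Certificate) string { return base64.StdEncoding.EncodeToString(c.Raw) }
	goodX5c = []string{enc(leaf), enc(inter), enc(root)}
	rogueX5c = []string{enc(rogueLeaf), enc(inter), enc(root)}
	return goodX5c, rogueX5c, roots
}

func main() {
	good, rogue, roots := constructedChains()
	leaf, err := verifyX5cChain(good, roots)
	fmt.Println("genuine chain:", leaf.Subject.CommonName, err) // genuine chain: Constructed Leaf <nil>
	_, err = verifyX5cChain(rogue, roots)
	fmt.Println("rogue leaf:", err) // rogue leaf: leaf does not chain to a trusted root: ...
}
```

The rogue header is rejected even though its intermediate and root are the genuine ones, which is exactly the case a check that starts at `x5c[1]` misses. Passing `x509.ExtKeyUsageAny` is deliberate: without it, `Verify` defaults to requiring `ServerAuth`, which a signing leaf need not carry.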

@richzw okay yeah, leave it for me, I will PR later. Always nice to contribute to open source!

There you go @richzw