Joe wanted to interact with a social media service’s API. As one does, he went out and found a library for his language, and started investigating it. Now, the API was, unsurprisingly, an HTTP-based API, wrapped in TLS for security. The library had a handy built-in function which validated the security certificates to ensure they were still valid and hadn’t been compromised:
    Private Function ValidateCertificate(ByVal sender As Object, ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
        Return True
    End Function
This would definitely be the easiest way to validate the certificate. What could possibly go wrong?
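For contrast, here is a callback with the same signature that actually honors the platform's verdict. It is an added example, not code from the library or from Joe; the module name and the renamed `errors` parameter are assumptions made for illustration. It accepts only when .NET reports no policy errors, and on rejection it logs the reason so a failing certificate gets diagnosed rather than waved through.

```vbnet
Imports System
Imports System.Net.Security
Imports System.Security.Cryptography.X509Certificates

' Hypothetical module name; not part of the library discussed above.
Module StrictTlsValidation

    ' Matches the RemoteCertificateValidationCallback delegate.
    ' The last parameter is renamed to "errors" so it does not shadow
    ' the SslPolicyErrors enum (VB identifiers are case-insensitive).
    Public Function ValidateCertificate(ByVal sender As Object,
                                        ByVal certificate As X509Certificate,
                                        ByVal chain As X509Chain,
                                        ByVal errors As SslPolicyErrors) As Boolean
        ' The runtime has already checked name match, chain trust and
        ' certificate presence. Accept only if it found nothing wrong.
        If errors = SslPolicyErrors.None Then
            Return True
        End If

        ' Reject, and record why: name mismatch, chain errors,
        ' or no certificate presented at all.
        Console.Error.WriteLine("TLS certificate rejected: " & errors.ToString())
        If certificate IsNot Nothing Then
            Console.Error.WriteLine("  Subject: " & certificate.Subject)
            Console.Error.WriteLine("  Issuer:  " & certificate.Issuer)
        End If

        ' Per-element chain status (expired, untrusted root, revoked, ...).
        If chain IsNot Nothing Then
            For Each status As X509ChainStatus In chain.ChainStatus
                Console.Error.WriteLine("  Chain:   " & status.Status.ToString() &
                                        " " & status.StatusInformation)
            Next
        End If

        Return False
    End Function

End Module
```

If no custom callback is registered at all, .NET applies this same "no policy errors" rule by default, so the callback is only worth keeping for the logging.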