Question
My apologies if this is too subjective, but I am looking for advice on best practices. We maintain a small program written in Python that runs on our customers' servers and communicates back with our servers. We are using Python's ssl module which relies on openssl to protect this communication back to our servers. This program is run on older Linux systems (think RHEL5) as well as Windows variants. (Yes, the ssl module doesn't come by default with Python 2.4, but please ignore that issue for the sake of this question.)
Our plan is to include a file with the program containing the certificate authority that issued our current SSL certificate, as well as some other authorities that we may use in the future. That way, we know that no matter what is on the customer's servers, our certificate authority will be trusted.
Is this reasonable, or does OpenSSL provide a good enough list of certificate authorities even for old OpenSSL versions that we should not need to worry about this ourselves? Are there any issues we should also consider with regard to providing our own certificate authority list, beyond just locking us into that list for future SSL certs?
Explanation / Answer
OpenSSL does not come with a list of trusted certificate agencies; it only has a default path where it looks for these CAs. On Linux and *BSD this path is usually populated by the OS, often based on the list Mozilla uses in the Firefox browser.
But there is no such list on Windows, because OpenSSL cannot deal with the way Windows stores the certificates. There is also no such list on OS X, but Apple added a hack to OpenSSL as shipped on Mac OS X to somehow integrate into their native key chain.
This means that if you want controlled behavior, you had better ship with your own list of trusted CAs. And if the program should connect back only to your server, it might be best to include only the CAs relevant for this task.
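A sketch of the "ship your own CA list" approach described in the answer, added here as an example and not taken from the original answer. It assumes a Python version whose `ssl` module provides `SSLContext` and `PROTOCOL_TLS_CLIENT` (not the Python 2.4 setup in the question); the bundle name `ca-bundle.pem` and the host `updates.example.com` are hypothetical.

```python
import socket
import ssl


def strict_context():
    """Client context that verifies the peer but trusts no CA yet."""
    # A bare SSLContext, unlike ssl.create_default_context(), does not load
    # the operating system's trust store, so behaviour is the same on
    # Linux, Windows and OS X.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # PROTOCOL_TLS_CLIENT already enables both; restated to make intent explicit.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def load_bundled_cas(ctx, cafile):
    """Trust only the CAs in the PEM file shipped with the program."""
    # Raises OSError (or its subclass ssl.SSLError) if the file is missing
    # or contains no usable PEM certificate.
    ctx.load_verify_locations(cafile=cafile)
    # Fail closed: an empty trust store would reject every server anyway,
    # but an early error is easier to diagnose in the field.
    if ctx.cert_store_stats()["x509"] == 0:
        raise ValueError("no certificates loaded from %s" % cafile)
    return ctx


def connect(host, port, cafile):
    """Open a TLS connection validated only against the bundled CA list."""
    ctx = load_bundled_cas(strict_context(), cafile)
    sock = socket.create_connection((host, port), timeout=10)
    try:
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise


if __name__ == "__main__":
    # Hypothetical host and bundle path, for illustration only.
    with connect("updates.example.com", 443, "ca-bundle.pem") as tls:
        print(tls.version(), tls.getpeercert()["subject"])
```

The bundle should hold the issuing CA for the current certificate plus any CAs planned for future certificates, as the question proposes, so a certificate renewal does not require shipping a new client.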