security: enforce TLS certificate validation by default #2049

Merged
Scottcjn merged 1 commit into Scottcjn:main from createkr:sec/issue2048-tls-verify-hardening
Apr 4, 2026

Conversation

@createkr (Contributor) commented Apr 4, 2026

Summary

This change restores secure TLS behavior in the RustChain wallet and miner clients by keeping certificate validation enabled by default.

What changed

  • Removed insecure default TLS behavior from rustchain-wallet/src/client.rs
  • Removed insecure default TLS behavior from rustchain-miner/src/transport.rs
  • Added a development-only opt-in environment variable for intentionally insecure TLS usage, with explicit warning language
  • Updated wallet and miner documentation to distinguish secure default behavior from the unsafe development bypass
  • Added the development-only environment variable to rustchain-miner/.env.example

Why

Disabling certificate validation allows HTTPS endpoints with invalid or attacker-controlled certificates to be accepted, which enables machine-in-the-middle interception and response tampering.

Validation

  • Verified final change scope is limited to the intended wallet/miner TLS files
  • Verified secure-by-default behavior and explicit documentation for the development-only insecure mode

Closes #2048

Payout Wallet

RTC1d48d848a5aa5ecf2c5f01aa5fb64837daaf2f35
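The pattern the PR describes (validation on by default, an explicit development-only environment variable to opt out, and a loud warning when the bypass is active) can be written as a small policy decision that the client builder consumes. The following is an added example, not code from the RustChain repository or from this PR: the variable name `RUSTCHAIN_DANGER_ACCEPT_INVALID_CERTS`, the `TlsPolicy` type and the `accept_invalid_certs` hook are all placeholders, and the hook only mirrors the name of reqwest's `ClientBuilder::danger_accept_invalid_certs` so the secure branch is the one that needs no action.

```rust
use std::env;

/// Placeholder for the development-only opt-in variable; the PR does not
/// show the real name used in the wallet and miner, so this is assumed.
pub const INSECURE_TLS_ENV: &str = "RUSTCHAIN_DANGER_ACCEPT_INVALID_CERTS";

/// Outcome of the policy decision. The default is the validating branch.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TlsPolicy {
    /// Certificate chain and hostname are validated (default).
    Verify,
    /// Development-only bypass; never reachable without an explicit opt-in.
    DangerAcceptInvalid,
}

impl Default for TlsPolicy {
    fn default() -> Self {
        TlsPolicy::Verify
    }
}

/// Decide the policy from the raw variable value. Only an exact "1" or
/// "true" (case-insensitive, trimmed) enables the bypass; unset, empty,
/// "0", "false", "yes" or any other value keeps validation on, so a typo
/// or a stale value cannot silently disable it.
pub fn tls_policy_from_value(raw: Option<&str>) -> TlsPolicy {
    match raw.map(|v| v.trim().to_ascii_lowercase()).as_deref() {
        Some("1") | Some("true") => TlsPolicy::DangerAcceptInvalid,
        _ => TlsPolicy::Verify,
    }
}

/// Read the variable from the process environment and emit the explicit
/// warning the PR calls for whenever the bypass is active.
pub fn tls_policy_from_env() -> TlsPolicy {
    let raw = env::var(INSECURE_TLS_ENV).ok();
    let policy = tls_policy_from_value(raw.as_deref());
    if policy == TlsPolicy::DangerAcceptInvalid {
        eprintln!(
            "WARNING: {} is set; TLS certificate validation is DISABLED. \
             Any endpoint presenting an invalid or attacker-controlled certificate \
             will be accepted. Use only against local development nodes.",
            INSECURE_TLS_ENV
        );
    }
    policy
}

/// Value to hand to the HTTP client builder. The name mirrors reqwest's
/// `danger_accept_invalid_certs(bool)` so that `false` (the secure default)
/// is what a builder gets when nothing was opted into.
pub fn accept_invalid_certs(policy: TlsPolicy) -> bool {
    matches!(policy, TlsPolicy::DangerAcceptInvalid)
}

fn main() {
    let policy = tls_policy_from_env();
    println!(
        "TLS policy: {:?} (accept invalid certs: {})",
        policy,
        accept_invalid_certs(policy)
    );
}
```

The decision is split from the environment read so the accepted and rejected values can be tested without mutating process state; a deployment check for the miner or wallet is then simply that `accept_invalid_certs(tls_policy_from_env())` is `false` in any non-development environment.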

@github-actions bot added labels on Apr 4, 2026: documentation (Improvements or additions to documentation), BCOS-L1 (Beacon Certified Open Source tier BCOS-L1, required for non-doc PRs), size/M (PR: 51-200 lines)

@Scottcjn (Owner) commented Apr 4, 2026

Merged. 50 RTC. Hardening pass on verify=False instances. Defense in depth.

@Scottcjn Scottcjn merged commit 53bf4e1 into Scottcjn:main Apr 4, 2026
9 of 17 checks passed
@FlintLeng (Contributor) left a comment

PR #2049 — Review:

Configuration or validation improvement. Well-scoped change.

@FlintLeng (Contributor) left a comment

Review: security: enforce TLS certificate validation by default

Observations:

  1. Environment Variable Usage: Good practice using environment variables for configuration. This keeps secrets out of the codebase and enables different configs per environment.

  2. Structured Logging: PR uses the logging module rather than print statements, which is best practice for production code.

FTC Disclosure: This review was submitted to claim bounty #2782 (2 RTC). Wallet: RTC019e78d600fb3131c29d7ba80aba8fe644be426e


Development

Successfully merging this pull request may close these issues.

Security: TLS certificate validation disabled in wallet and miner clients allows MITM

3 participants