Self Signed certificates

For notifying us of what you believe are bugs or errors in EViews.
Please ensure your copy of EViews is up-to-date before posting.

Moderators: EViews Gareth, EViews Moderator

Post Reply
atoch
Posts: 15
Joined: Wed Dec 02, 2009 2:54 am
Location: Paris, France
Contact:
Contact atoch

Self Signed certificates

Postby atoch » Fri Apr 12, 2024 1:44 am

Hello Eviews support and Eviews experts,

Our network security does deep packet inspection and because of that the WFopen command fails because the certificate using for our security uses a self signed certificate.

wfopen(type=txt) https://sdmx.oecd.org/public/rest/data/ ... at=csvfile custom=","

See attached screen capture for Eviews error.
eviews wfopen.png
Error screenshot
eviews wfopen.png (31.26 KiB) Viewed 395 times


When bypassing our security appliance, the same wfopen command works.

Could you please provide a way to specify a location for self-signed certificates or have eviews honor the windows certificate stores ?

Merci

Arnaud Atoch
Top
EViews Steve
EViews Developer
Posts: 799
Joined: Tue Sep 16, 2008 3:00 pm
Location: Irvine, CA

Re: Self Signed certificates

Postby EViews Steve » Tue Apr 16, 2024 7:38 am

I'll create a new command to ignore all ssl certificate errors during that instance of EViews. This fix will be put into EViews 13 only.

Steve
Top
EViews Steve
EViews Developer
Posts: 799
Joined: Tue Sep 16, 2008 3:00 pm
Location: Irvine, CA

Re: Self Signed certificates

Postby EViews Steve » Tue Apr 16, 2024 9:26 am

New undocumented commands have been created:

Code: Select all

IGNORECERTERROR
RESTORECERTERROR

IgnoreCertError tells EViews to ignore any SSL certificate errors encountered when getting data over the internet. This setting will remain on until EViews is restarted or the RESTORECERTERROR cmd is called.

RestoreCertError turns off the ignore and restores default processing of all SSL certificate errors.

I've also added code to make these SSL cert errors appear with better descriptions when they happen.

These changes will be released in the next EViews 13 patch, most likely early next week.

Steve
Top
atoch
Posts: 15
Joined: Wed Dec 02, 2009 2:54 am
Location: Paris, France
Contact:
Contact atoch

Re: Self Signed certificates

Postby atoch » Tue Apr 16, 2024 9:48 am

Thank you for your quick reaction. We'll test as soon as we can get our hands on the updated version of Eviews 13.
Can I ask why you choose to ignore SSL errors rather than adding a command to had a path to additional certificates which seems a more secure approach ?
Top
EViews Steve
EViews Developer
Posts: 799
Joined: Tue Sep 16, 2008 3:00 pm
Location: Irvine, CA

Re: Self Signed certificates

Postby EViews Steve » Tue Apr 16, 2024 9:58 am

Simplicity.

And in fact, even if you have a self-signed certificate authorized in your local Windows store, it's Common Name will most likely not match the host name in your URL due to how your security appliance works (I'm guessing) -- so allowing the self-signed cert to be accepted still requires EViews to lower security. As a quick test, after the next patch, try your WFOPEN command again without calling the new Ignore cmd to see what error message you get.

As a precautionary measure, this new setting will not be the default. You'll have to call it whenever you restart EViews.
Top
Post Reply

Return to “Bug Reports”

Who is online

Users browsing this forum: No registered users and 5 guests