Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

We need to get rid of the bogus pem files #667

Open
yaronyg opened this issue Mar 23, 2016 · 4 comments
Open

We need to get rid of the bogus pem files #667

yaronyg opened this issue Mar 23, 2016 · 4 comments
Assignees
Labels
bug
Milestone

Comments

@yaronyg
Copy link
Member

@yaronyg yaronyg commented Mar 23, 2016

There would appear to be a bug in our PSK implementation in JXcore that it requires a public and private key on a HTTPS link even if the only ciphers we are supporting are PSK. So we have to use a static value. This shouldn't allow any connections since our cipher list doesn't include any cert based ciphers but the presence of the publick/private key files and their use in our server configuration makes me nervous.

@yaronyg
Copy link
Member Author

@yaronyg yaronyg commented Jul 11, 2016

Note that the PSK bug is fixed so at this point it's just a question of cleaning up anywhere that we use the certs.

@yaronyg yaronyg added this to the V1 milestone Aug 3, 2016
@yaronyg
Copy link
Member Author

@yaronyg yaronyg commented Aug 3, 2016

I'm fairly sure this has been taken care of but can you please review the code base and see if you can find any PEM files?

@artemjackson
Copy link
Contributor

@artemjackson artemjackson commented Aug 5, 2016

Considering #835 is this ticket is still actual?

@yaronyg
Copy link
Member Author

@yaronyg yaronyg commented Aug 5, 2016

Only when the time comes to reverse #835 (e.g. when we get the new build of jxcore-cordova with the version of JXcore that doesn't have the PEM bug)

@yaronyg yaronyg added the P1 label Aug 8, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.