Skip to content
This repository has been archived by the owner on Jan 15, 2021. It is now read-only.

We need to get rid of the bogus pem files #667

Open
yaronyg opened this issue Mar 23, 2016 · 4 comments
Open

We need to get rid of the bogus pem files #667

yaronyg opened this issue Mar 23, 2016 · 4 comments
Assignees
Labels
Milestone

Comments

@yaronyg
Copy link
Member

yaronyg commented Mar 23, 2016

There would appear to be a bug in our PSK implementation in JXcore that it requires a public and private key on a HTTPS link even if the only ciphers we are supporting are PSK. So we have to use a static value. This shouldn't allow any connections since our cipher list doesn't include any cert based ciphers but the presence of the publick/private key files and their use in our server configuration makes me nervous.

@yaronyg
Copy link
Member Author

yaronyg commented Jul 11, 2016

Note that the PSK bug is fixed so at this point it's just a question of cleaning up anywhere that we use the certs.

@yaronyg yaronyg added this to the V1 milestone Aug 3, 2016
@yaronyg
Copy link
Member Author

yaronyg commented Aug 3, 2016

I'm fairly sure this has been taken care of but can you please review the code base and see if you can find any PEM files?

@artemjackson
Copy link
Contributor

Considering #835 is this ticket is still actual?

@yaronyg
Copy link
Member Author

yaronyg commented Aug 5, 2016

Only when the time comes to reverse #835 (e.g. when we get the new build of jxcore-cordova with the version of JXcore that doesn't have the PEM bug)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

2 participants