New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

We need to get rid of the bogus pem files #667

Open
yaronyg opened this Issue Mar 23, 2016 · 4 comments

Comments

Projects
None yet
2 participants
@yaronyg
Member

yaronyg commented Mar 23, 2016

There would appear to be a bug in our PSK implementation in JXcore that it requires a public and private key on a HTTPS link even if the only ciphers we are supporting are PSK. So we have to use a static value. This shouldn't allow any connections since our cipher list doesn't include any cert based ciphers but the presence of the publick/private key files and their use in our server configuration makes me nervous.

@yaronyg

This comment has been minimized.

Show comment
Hide comment
@yaronyg

yaronyg Jul 11, 2016

Member

Note that the PSK bug is fixed so at this point it's just a question of cleaning up anywhere that we use the certs.

Member

yaronyg commented Jul 11, 2016

Note that the PSK bug is fixed so at this point it's just a question of cleaning up anywhere that we use the certs.

@yaronyg yaronyg added this to the V1 milestone Aug 3, 2016

@yaronyg

This comment has been minimized.

Show comment
Hide comment
@yaronyg

yaronyg Aug 3, 2016

Member

I'm fairly sure this has been taken care of but can you please review the code base and see if you can find any PEM files?

Member

yaronyg commented Aug 3, 2016

I'm fairly sure this has been taken care of but can you please review the code base and see if you can find any PEM files?

@artemjackson

This comment has been minimized.

Show comment
Hide comment
@artemjackson

artemjackson Aug 5, 2016

Contributor

Considering #835 is this ticket is still actual?

Contributor

artemjackson commented Aug 5, 2016

Considering #835 is this ticket is still actual?

@yaronyg

This comment has been minimized.

Show comment
Hide comment
@yaronyg

yaronyg Aug 5, 2016

Member

Only when the time comes to reverse #835 (e.g. when we get the new build of jxcore-cordova with the version of JXcore that doesn't have the PEM bug)

Member

yaronyg commented Aug 5, 2016

Only when the time comes to reverse #835 (e.g. when we get the new build of jxcore-cordova with the version of JXcore that doesn't have the PEM bug)

@yaronyg yaronyg added the P1 label Aug 8, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment