CA Private Key in Client connection Data Package? #683
Comments
|
@naman108 is this one fixed? |
|
hey @bobdrummond, thanks so much for this report, could you share what version you're using, and send an example of a cert with the private key bundled because, from what I can tell from inspecting certs with openssl, the only private key is that of the client bundled in the client p12 and no private key in the second p12. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I'm a new user just getting started with ATAK. I was trying to figure out how to change the connectString0 in the generated client packages, and everything I tried to change in config files was ineffective.
While digging into the packages and code
FreeTAKServer/core/util/certificate_generation.py I noticed that the CA p12 file zipped into client packages has the CA Private Key included. Is that by design or an accident from reusing _generate_certificate() on the CA?
I manually stripped the CA Private Key out of a p12 file with openssl, made a new zip, and tested on a clean client, and it seems to connect and work. Is there something I'm missing or is this an unnecessary security leak?
The text was updated successfully, but these errors were encountered: