FreeTAKTeam / FreeTakServer

Situational Awareness Server compatible with TAK clients
Eclipse Public License 2.0

CA Private Key in Client connection Data Package? #683

Open bobdrummond opened 3 months ago

bobdrummond commented 3 months ago

Hi, I'm a new user just getting started with ATAK. I was trying to figure out how to change the connectString0 in the generated client packages, and everything I tried to change in config files was ineffective.

While digging into the packages and code FreeTAKServer/core/util/certificate_generation.py I noticed that the CA p12 file zipped into client packages has the CA Private Key included. Is that by design or an accident from reusing _generate_certificate() on the CA?

I manually stripped the CA Private Key out of a p12 file with openssl, made a new zip, and tested on a clean client, and it seems to connect and work. Is there something I'm missing or is this an unnecessary security leak?

brothercorvo commented 1 month ago

@naman108 is this one fixed?

naman108 commented 1 month ago

Hey @bobdrummond, thanks so much for this report. Could you share what version you're using, and send an example of a cert with the private key bundled? From what I can tell from inspecting certs with openssl, the only private key is that of the client, bundled in the client p12, and there is no private key in the second p12.
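A repeatable way to settle the question raised in this thread, both the reporter's manual openssl stripping of the CA key and the maintainer's request to inspect the bundles with openssl, written here as an added example that is not code from FreeTakServer or from either commenter. It assumes the openssl CLI is installed, that the client data package has already been unzipped into a directory, and that the p12 password is known; the function names, the password value and the self-signed test CA used to exercise it are constructed for this example.

```shell
#!/bin/sh
# Added example, not FreeTakServer code. Inspects PKCS#12 bundles such as
# the ones zipped into a TAK client data package and reports which of them
# carry a private key. Assumes: the openssl CLI is installed, the package
# has already been unzipped into a directory, and the p12 password is known.
set -eu

# Dump every certificate and key in a bundle as PEM. Keys come out
# unencrypted (-nodes), so the output is kept in a variable, never on disk.
# Fails (non-zero) when the password is wrong or the file is not PKCS#12.
p12_dump_pem() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null
}

# Number of private keys in a bundle; returns 2 if the bundle cannot be read.
p12_private_key_count() {
    pem=$(p12_dump_pem "$1" "$2") || return 2
    printf '%s\n' "$pem" | grep -c -e '^-----BEGIN .*PRIVATE KEY-----' || true
}

# Number of certificates in a bundle; returns 2 if the bundle cannot be read.
p12_certificate_count() {
    pem=$(p12_dump_pem "$1" "$2") || return 2
    printf '%s\n' "$pem" | grep -c -e '^-----BEGIN CERTIFICATE-----' || true
}

# Re-export a bundle with only its certificate(s), which is what the reporter
# did by hand: the private key is left out, the certificate chain is kept.
#   $1 input .p12   $2 password   $3 output .p12
p12_strip_private_key() {
    certs=$(mktemp)
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -out "$certs" 2>/dev/null
    openssl pkcs12 -export -nokeys -in "$certs" -passout "pass:$2" -out "$3" 2>/dev/null
    rm -f "$certs"
}

# Walk a directory (an unzipped data package) and classify every .p12:
#   LEAK  <file>  the bundle contains at least one private key
#   OK    <file>  certificates only
#   ERROR <file>  could not be opened with the given password
scan_p12_dir() {
    find "$1" -name '*.p12' | sort | while read -r f; do
        if n=$(p12_private_key_count "$f" "$2"); then
            if [ "$n" -gt 0 ]; then
                echo "LEAK  $f  ($n private key(s))"
            else
                echo "OK    $f"
            fi
        else
            echo "ERROR $f"
        fi
    done
}

# Usage: sh check_p12.sh <unzipped-package-dir> <p12-password>
if [ "$#" -ge 2 ]; then
    scan_p12_dir "$1" "$2"
fi
```

Run it against the unzipped package directory with the package's p12 password; any bundle other than the client's own certificate that prints as LEAK is worth raising, since a client only needs the CA certificate to validate the server and never the CA key. The counting functions deliberately read the whole bundle in one openssl pass and keep the decrypted PEM in a shell variable, so the check itself does not write an unencrypted key to disk.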