Private key available in repo

ortuman / jackal

💬 Instant messaging server for the Extensible Messaging and Presence Protocol (XMPP).

Apache License 2.0

1.44k stars 128 forks source link

Private key available in repo #10

Closed belak closed 6 years ago

belak commented 6 years ago

I doubt you meant to commit your certs to the repo, but they should be removed (and probably invalidate/revoke them).

ortuman commented 6 years ago

Hi belak! The fact is that jackal enfoces the use of a TLS/SSL connection, and that cert is nothing more than a localhost domain self signed certificate with no expiration date. The idea is to allow anyone to try the server without having to deal with any cert issues. I'm also considering to implement auto TLS vía Let's Encrypt in the future. :)

belak commented 6 years ago

Sounds good. Thanks for clarifying!

ortuman commented 6 years ago

In order to avoid confusions, I've updated the README.md file explaining how to generate a default self-signed certificate. Also updated the Dockerfile. ;)