colbygk
commented
4 years ago reviewing now
Closed cwillisf closed 4 years ago
colbygk
commented
4 years ago reviewing now
cwillisf
commented
4 years ago (I rebased this to get automated builds for this branch)
cwillisf
commented
4 years ago I think for now I'd like to leave it as-is since the script is currently written to expect exactly one intermediate between the certificate and the CA, and would need a few other minor adjustments if that changes. If we switch to a certificate chain with a different number of intermediates (meaning 0 or 2+) then I might try to make the scripts more flexible and/or add a -s to the grep :)
Proposed Changes
Load an encrypted version of the HTTPS / WSS certificate files then decrypt them in memory using the encryption libraries already used by Scratch Link. Specifically, the certificates are now encrypted using what OpenSSL calls AES-256-CBC. Also, the Windows build now uses the certificate file under
Certificates/out/instead of copying it into the build tree, reducing the chance that it will be accidentally checked in.Reason for Changes
This should reduce the chances of future certificate problems caused by automated file inspection tools.