Opened 7 years ago

Closed 7 years ago

#9739 closed defect (invalid)

don't hard code certificates/pubkeys in flashproxy programs

Reported by: infinity0 Owned by: dcf
Priority: Medium Milestone:
Component: Archived/Flashproxy Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


flashproxy-reg-email and facilitator-email-poller both hard-code certificates and/or pubkeys in their source code.

we should let this be specified by a command line option, perhaps defaulting to /etc/flashproxy/ (for the pubkey) that is already used by the facilitator.

Child Tickets

Change History (2)

comment:1 Changed 7 years ago by dcf

There might be some confusion about what keys are what. The facilitator has its own private key that is used only by the program facilitator-reg-daemon, and only for one purpose: to decrypt encrypted client registrations. This is the key that is set with the --key option of facilitator-reg-daemon, and the --facilitator-pubkey option of flashproxy-client, flashproxy-reg-appspot, flashproxy-reg-email, and flashproxy-reg-url. So unless I misunderstand you, this keypair is already configurable by the command line.

The embedded certs and public key hashes CA_CERTS and PUBKEY_SHA1 in flashproxy-reg-appspot, flashproxy-reg-email, and facilitator-email-poller are for certificate pinning against specific Google services--they are not meant to be configurable. They are deliberately hardcoded, just like they are in Chromium.

comment:2 Changed 7 years ago by infinity0

Resolution: invalid
Status: newclosed

I see. The cert pins are all the same, so I will refactor them all into the common code in #6810.

Note: See TracTickets for help on using tickets.