Re: [Interest] wss:// on localhost

2020-08-02 Thread Hamish Moffatt
On 3/8/20 9:05 am, Alexander Carôt wrote: I repeat: whatever you do, don't ship a private key. All right - will consider alternative ideas. Consider generating your own root CA certificate and asking your users to install that in their browser. Then sign the site certificate (for a

Re: [Interest] wss:// on localhost

2020-08-02 Thread Alexander Carôt
> I repeat: whatever you do, don't ship a private key. All right - will consider alternative ideas. Best Alex -- http://www.carot.de Email : alexan...@carot.de Tel.: +49 (0)177 5719797 > Sent: Monday, 03 August 2020 at 00:28 > From: "Thiago Macieira" > To: interest@qt-project.org >

Re: [Interest] wss:// on localhost

2020-08-02 Thread Thiago Macieira
On Sunday, 2 August 2020 11:43:42 PDT Alexander Carôt wrote: > P.S.: Also I don't see a way to get access to the key - it is compiled into > the binary and on top of it it's triple-secured/encrypted. Very easy to put a breakpoint in your code after it has decrypted the key. Especially if you're

Re: [Interest] Win:TLS error/OSX:backward compatibility

2020-08-02 Thread Alexander Carôt
> > > Can anyone send me hint how to provide backward compatibility at least to > > > 10.13 (fixing the symbol issue) or lower (fixing the SSL issue) ? > > > > You didn't say what symbols they were. > > Sorry - this is the one which was reported most of the time: > > __chkstd_darwin

Re: [Interest] wss:// on localhost

2020-08-02 Thread Alexander Carôt
> Irrespective to any other detail in this thread: this is, by definition, > not secure (sec by obscurity). Completely right but my point is that my current use case actually does not require any security at all. I am really not interested in trivializing security at all, however, I feel like

Re: [Interest] wss:// on localhost

2020-08-02 Thread Giuseppe D'Angelo via Interest
On 02/08/20 20:43, Alexander Carôt wrote: Also I don't see a way to get access to the key - it is compiled into the binary and on top of it it's triple-secured/encrypted Irrespective to any other detail in this thread: this is, by definition, not secure (sec by obscurity). My 2 c, --

Re: [Interest] wss:// on localhost

2020-08-02 Thread Alexander Carôt
P.S.: Also I don't see a way to get access to the key - it is compiled into the binary and on top of it it's triple-secured/encrypted. This is what we made sure of course. We had a lot of talks with several security experts and the common opinion was "well - it's all localhost traffic which per se

Re: [Interest] wss:// on localhost

2020-08-02 Thread Alexander Carôt
> I don't think this is a good idea. You might be violating the terms of > service > of your certificate provider by doing that. Please check with them. In fact I already did - nobody has a concern about it. This traffic is completely running on localhost - so nobody apart from the user itself

Re: [Interest] Win:TLS error/OSX:backward compatibility

2020-08-02 Thread Alexander Carôt
> That warning is printed when you try to use one of the QSslSocket functions > that require OpenSSL and the OpenSSL libraries are not found. > > Make sure QSslSocket::supportsSsl() returns true. You have to ship the OpenSSL > 1.1 libraries yourself, they are not part of Qt, not even of the

Re: [Interest] wss:// on localhost

2020-08-02 Thread Thiago Macieira
On Friday, 31 July 2020 23:53:08 PDT Alexander Carôt wrote: > Eventually we figured the ideal solution: > > We ordered a certificate for a sub-domain of our main domain and made the > DNS point to localhost. > > This way we can address our localhost connection via > > localhost.ourDomain.net >

Re: [Interest] Win:TLS error/OSX:backward compatibility

2020-08-02 Thread Thiago Macieira
On Saturday, 1 August 2020 00:13:21 PDT Alexander Carôt wrote: > Hello all, > > my software's websocket server is now running in secure mode including > certificate integration. This works great apart from two details. > > 1.) On some Windows machines I get the following error: > >

Re: [Interest] wss:// on localhost

2020-08-02 Thread Thiago Macieira
On Saturday, 1 August 2020 08:00:29 PDT Jason H wrote: > IANAL, and this dives into legal issues, but if the creature function took a > path to a binary, and some options (assuming openssl options?) and allow > the developer/user to specify the binary, I think the legal issues would be > avoided.