I'll probably reveal my ignorance of SSL here, but it is worrisome to me
that we distribute a PEM file that contains a default server key and
certificate.  This seems like an exceedingly bad idea.

We also distribute a private key to be used for sftp.  (Shouldn't there
be a corresponding public key?)  This seems like a very bad idea too.

The good news is that neither are these are enabled by default, however,
there are commented examples in the configuration file with comments
blithely telling people to uncomment them to get HTTPS or SFTP support,
using public "private" keys.

Am I missing something?

BTW, are there tests of the HTTPS and SFTP support?


Jim Fulton           mailto:[EMAIL PROTECTED]       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org
Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to