![[ChimeraX Issue Tracking System]](/trac/ChimeraX/chrome/site/ChimeraX-icon.svg){kind=icon}
Opened 4 years ago
Closed 3 weeks ago
#7224 closed defect (not a bug)
REST server key file contains private key on Mac ARM64 — at Version 2
| Reported by: | Tom Goddard | Owned by: | Zach Pearson |
|---|---|---|---|
| Priority: | moderate | Milestone: | |
| Component: | Web Services | Version: | |
| Keywords: | Cc: | Greg Couch, Eric Pettersen | |
| Blocked By: | Blocking: | ||
| Notify when closed: | Platform: | all | |
| Project: | ChimeraX |
Description (last modified by )
The rest_server bundles generates a server.pem self-signed certificate using OpenSSL. On ARM64 Mac the file includes a private key and certificate, and on Intel Mac it only contains the certificate. Should fix this so the files are the same, probably leaving out the private key.
I guess the ARM54 openssl command in bundles/rest_server/Makefile has different default options on ARM64 Mac vs Intel Mac. Weird. Not sure which file is correct. Seems like probably the private key should not be in the file (does not seem too "private" since we distribute it).
Noticed this difference when trying to make a Mac universal build ticket #7222.
Change History (2)
comment:1 by , 4 years ago
comment:2 by , 3 weeks ago
| Description: | modified (diff) |
|---|---|
| Resolution: | → not a bug |
| Status: | assigned → closed |
AFAIK, this key only exists to let users connect to the local REST server over HTTPS (it stops Chrome from complaining about insecure connections).
We could generate these keys on the client side per user, but there's no real risk to leaving it as-is.
This is Conrad code. Probably Zach knows best what the ChimeraX REST server does with this key, so assigning to Zach.