MITM: recreating private/public keys all the time #368
Conversation
… code my own expiration, this one is "good enough"
signer.go
Outdated
| @@ -16,8 +16,10 @@ import ( | |||
| "net" | |||
| "sort" | |||
| "time" | |||
| "github.com/zond/gotomic" | |||
There was a problem hiding this comment.
Can we do that without introducing another depdendency?
| @@ -77,6 +97,7 @@ func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er | |||
| } | |||
|
|
|||
| var certpriv crypto.Signer | |||
|
|
|||
There was a problem hiding this comment.
Can we put the whitespace changes in a different commit?
|
@stiray @elazarl @engineering-this : see hazcod@152f865 and hazcod@578522f for a possibly better implementation. |
|
Ok, I am not using github and I dont even intend to as I have my own git server and I am quite happy with shell so I wont be clicking anything here any more... Regarding the "race condition" which was probably merged due to clicking to "resolve whatever" which was a mistake if "the semaphore fix" came into code. The race condition was put there deliberately to avoid synchronizing multiple threads using synchronization object at a cost that here and then the certificate is generated without any reason which is performance wise better decision. But nvm me, this was a drive by code, it have my own git server/repo/fork (ignore the one that is on github, wont be updated any more) so please do whatever feels appropriate for you. |
... has huge impact on speed of processing, with this change the RSA and ECDSA keys are created within "init()" and used when needed. This is quick fix, please set it to some configuration variable if you consider that it is useful to generate them on each request. I dont think this would impact the security on client side.