Go Back   FlashFXP Forums > >

Project: FlashFXP Bug Reports Ticket Tools
ID: 1088 Category: FlashFXP Bug
Title: ca_root.pem suddenly outside of flashfxp portable directory during upgrade Status: Closed (Fixed / Implemented)
Severity: Medium Version: 5.2

Senior Member
benjamin3
12-19-2015, 03:02 PM
ca_root.pem suddenly outside of flashfxp portable directory during upgrade

hi bigstar

im using ffxp portable directory and i remember that during last time i upgrade from 390x to 3905 during the upgrade process i think i left the directory to an upper directory and just let the update process proceed during that time. i dont think this could/would be a problem for flashfxp.exe if it upgrades itself with the liveupdate downloaded latest build .

today i saw that ca_root.pem file (date 13th december 2015) was just outside that directory :

sha1: 3E72EBA0BCA80FCB0022DB227EE9AE257D915D0F
ca_root.pem

inside the ffxp directory there was an older ca_root.pem file dated with 30th november 2015 . i just took the 13th december one and overwrote.

well this file is regularly updated by you regarding root/sub/intermediate CA's i think . is there any internal check of flashfxp.exe to have this file e.g. digitally signed so no MITM could just exchange that file? is this file modified by user itself if adding/removing CA's ? not sure . most of the ssl/tls servers out there use self-signed certitifcates instead of wildcard CN certs from valid/official CAs.

i just wondered why the file is laying outside and wanted to report.

thanks
ben
Senior Member
benjamin3
12-19-2015, 03:09 PM
Re: ca_root.pem suddenly outside of flashfxp portable directory during upgrade

Senior Member
benjamin3
12-19-2015, 03:14 PM
Re: ca_root.pem suddenly outside of flashfxp portable directory during upgrade

this is what it looks like , and inside ffxp directory it looks like this :



the checksum is :


sha1: 3E72EBA0BCA80FCB0022DB227EE9AE257D915D0F
ca_root.pem


perhaps you can explain what happenend here,

thanks
ben
FlashFXP Developer
bigstar
12-20-2015, 10:02 PM
Re: ca_root.pem suddenly outside of flashfxp portable directory during upgrade

Build 3903 was released with some debug code that set the location of the ca_root.pem to d:\temp\ for debugging purposes.

During a code review the mistake was realized and immediately corrected with build 3905.

When FlashFXP starts up it reads the Windows root certificate store to memory, it then compares the copy in memory with the ca_root.pem stored on disk, if they differ then the file on disk is updated, if not then the file on disk doesn't change.

This file is loaded and used by OpenSSL to verify the trust of a x.509 chain during the server connection login.

The windows root certificate store doesn't change very often maybe a couple times year via windows update, perhaps more often if the changes are made by the user.
Ticket Tools
Subscribe to this Ticket


Posting Rules
You may not post new tickets

Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT -5. The time now is 12:40 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)