I’m building the Mbedtls 2.16.0 sources myself and found something I cannot explain; hopefully someone with more knowledge can give me some insight. When I did a composition analysis with Black Duck, it seems that binaries linking with the library have human-readable private keys included(!). My question is: where do these come from, and how can I prevent this? The following Mbedtls files are included in one of my libraries:
- certs.o
- pkcs11.o
- x509.o
- x509_create.o
- x509_crl.o
- x509_crt.o
- x509_csr.o
- x509write_crt.o
- x509write_csr.o