diff options
author | Lee Clagett <code@leeclagett.com> | 2019-03-17 22:06:36 -0400 |
---|---|---|
committer | Lee Clagett <code@leeclagett.com> | 2019-04-07 00:44:37 -0400 |
commit | 0416764caec5b2d504c820e71d74a4934c3e2c3e (patch) | |
tree | c9d7344daa3903e200a6968c1b29cb8c35ce027a /cmake | |
parent | Add `verify_fail_if_no_cert` option for proper client authentication (diff) | |
download | monero-0416764caec5b2d504c820e71d74a4934c3e2c3e.tar.xz |
Require server verification when SSL is enabled.
If SSL is "enabled" via command line without specifying a fingerprint or
certificate, the system CA list is checked for server verification and
_now_ fails the handshake if that check fails. This change was made to
remain consistent with standard SSL/TLS client behavior. This can still
be overridden by using the allow any certificate flag.
If the SSL behavior is autodetect, the system CA list is still checked
but a warning is logged if this fails. The stream is not rejected
because a re-connect will be attempted - its better to have an
unverified encrypted stream than an unverified + unencrypted stream.
Diffstat (limited to 'cmake')
0 files changed, 0 insertions, 0 deletions