Enabling daemon-rpc SSL now requires non-system CA verification

If `--daemon-ssl enabled` is set in the wallet, then a user certificate, fingerprint, or onion/i2p address must be provided.
author: Lee Clagett <code@leeclagett.com> 2019-04-06 21:28:37 -0400
committer: Lee Clagett <code@leeclagett.com> 2019-04-07 13:02:43 -0400
commit: 2e578b8214b8b47d7ddefceb1cbf2d8129e85a5a (patch)
tree: 103d97e9da3ceb4c6b2311dac3b41cb9e7085026 /contrib/epee/include
parent: Require manual override for user chain certificates. (diff)
download: monero-2e578b8214b8b47d7ddefceb1cbf2d8129e85a5a.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/contrib/epee/include/net/net_ssl.h b/contrib/epee/include/net/net_ssl.h
index 726dcb61a..957903ff8 100644
--- a/contrib/epee/include/net/net_ssl.h
+++ b/contrib/epee/include/net/net_ssl.h
@@ -100,6 +100,9 @@ namespace net_utils
     //! \return False iff ssl is disabled, otherwise true.
     explicit operator bool() const noexcept { return support != ssl_support_t::e_ssl_support_disabled; }
 
+    //! \retrurn True if `host` can be verified using `this` configuration WITHOUT system "root" CAs.
+    bool has_strong_verification(boost::string_ref host) const noexcept;
+
     //! Search against internal fingerprints. Always false if `behavior() != user_certificate_check`.
     bool has_fingerprint(boost::asio::ssl::verify_context &ctx) const;
author	Lee Clagett <code@leeclagett.com>	2019-04-06 21:28:37 -0400
committer	Lee Clagett <code@leeclagett.com>	2019-04-07 13:02:43 -0400
commit	2e578b8214b8b47d7ddefceb1cbf2d8129e85a5a (patch)
tree	103d97e9da3ceb4c6b2311dac3b41cb9e7085026 /contrib/epee/include
parent	Require manual override for user chain certificates. (diff)
download	monero-2e578b8214b8b47d7ddefceb1cbf2d8129e85a5a.tar.xz