mirror of
https://codeberg.org/anoncontributorxmr/monero.git
synced 2024-12-02 03:53:14 +00:00
a3b0284837
Specifying SSL certificates for peer verification does an exact match, making it a not-so-obvious alias for the fingerprints option. This changes the checks to OpenSSL which loads concatenated certificate(s) from a single file and does a certificate-authority (chain of trust) check instead. There is no drop in security - a compromised exact match fingerprint has the same worse case failure. There is increased security in allowing separate long-term CA key and short-term SSL server keys. This also removes loading of the system-default CA files if a custom CA file or certificate fingerprint is specified. |
||
---|---|---|
.. | ||
buffer.cpp | ||
CMakeLists.txt | ||
connection_basic.cpp | ||
hex.cpp | ||
http_auth.cpp | ||
memwipe.c | ||
mlocker.cpp | ||
mlog.cpp | ||
net_helper.cpp | ||
net_ssl.cpp | ||
net_utils_base.cpp | ||
network_throttle-detail.cpp | ||
network_throttle.cpp | ||
readline_buffer.cpp | ||
string_tools.cpp | ||
wipeable_string.cpp |