0416764cae
If SSL is "enabled" via command line without specifying a fingerprint or certificate, the system CA list is checked for server verification and _now_ fails the handshake if that check fails. This change was made to remain consistent with standard SSL/TLS client behavior. This can still be overridden by using the allow any certificate flag. If the SSL behavior is autodetect, the system CA list is still checked but a warning is logged if this fails. The stream is not rejected because a re-connect will be attempted - its better to have an unverified encrypted stream than an unverified + unencrypted stream. |
||
---|---|---|
.. | ||
demo | ||
include | ||
src | ||
tests | ||
CMakeLists.txt | ||
LICENSE.txt | ||
README.md |
epee - is a small library of helpers, wrappers, tools and and so on, used to make my life easier.