a3b0284837
Specifying SSL certificates for peer verification does an exact match, making it a not-so-obvious alias for the fingerprints option. This changes the checks to OpenSSL which loads concatenated certificate(s) from a single file and does a certificate-authority (chain of trust) check instead. There is no drop in security - a compromised exact match fingerprint has the same worse case failure. There is increased security in allowing separate long-term CA key and short-term SSL server keys. This also removes loading of the system-default CA files if a custom CA file or certificate fingerprint is specified. |
||
---|---|---|
.. | ||
codefresh | ||
depends | ||
epee | ||
fuzz_testing | ||
gitian | ||
rlwrap | ||
snap | ||
valgrind | ||
CMakeLists.txt |