mirror of
https://codeberg.org/anoncontributorxmr/monero.git
synced 2024-11-10 21:23:27 +01:00
a3b0284837
Specifying SSL certificates for peer verification does an exact match, making it a not-so-obvious alias for the fingerprints option. This changes the checks to OpenSSL which loads concatenated certificate(s) from a single file and does a certificate-authority (chain of trust) check instead. There is no drop in security - a compromised exact match fingerprint has the same worse case failure. There is increased security in allowing separate long-term CA key and short-term SSL server keys. This also removes loading of the system-default CA files if a custom CA file or certificate fingerprint is specified. |
||
|---|---|---|
| .. | ||
| buffer.cpp | ||
| CMakeLists.txt | ||
| connection_basic.cpp | ||
| hex.cpp | ||
| http_auth.cpp | ||
| memwipe.c | ||
| mlocker.cpp | ||
| mlog.cpp | ||
| net_helper.cpp | ||
| net_ssl.cpp | ||
| net_utils_base.cpp | ||
| network_throttle-detail.cpp | ||
| network_throttle.cpp | ||
| readline_buffer.cpp | ||
| string_tools.cpp | ||
| wipeable_string.cpp | ||