Git-Mirrors/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2025-05-06 10:15:00 -04:00
Code Issues Projects Releases Packages Wiki Activity

Enabling daemon-rpc SSL now requires non-system CA verification

Browse source 
If `--daemon-ssl enabled` is set in the wallet, then a user certificate,
fingerprint, or onion/i2p address must be provided.
This commit is contained in:
Lee Clagett 2019-04-06 21:28:37 -04:00
parent d58f368289
commit 2e578b8214
4 changed files with 51 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

3
contrib/epee/include/net/net_ssl.h
View file

@ -100,6 +100,9 @@ namespace net_utils
//! \return False iff ssl is disabled, otherwise true.
explicit operator bool() const noexcept { return support != ssl_support_t::e_ssl_support_disabled; }
//! \retrurn True if `host` can be verified using `this` configuration WITHOUT system "root" CAs.
bool has_strong_verification(boost::string_ref host) const noexcept;
//! Search against internal fingerprints. Always false if `behavior() != user_certificate_check`.
bool has_fingerprint(boost::asio::ssl::verify_context &ctx) const;