Git-Mirrors/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2025-05-31 05:24:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

Require manual override for user chain certificates.

Browse source 
An override for the wallet to daemon connection is provided, but not for
other SSL contexts. The intent is to prevent users from supplying a
system CA as the "user" whitelisted certificate, which is less secure
since the key is controlled by a third party.
This commit is contained in:
Lee Clagett 2019-04-04 13:35:33 -04:00
parent 97cd1fa98d
commit d58f368289
3 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
contrib/epee/include/net/net_ssl.h
View file

@ -51,7 +51,8 @@ namespace net_utils
{
none = 0, //!< Do not verify peer.
system_ca, //!< Verify peer via system ca only (do not inspect user certificates)
user_certificates //!< Verify peer via user certificate(s) only.
user_certificates,//!< Verify peer via specific (non-chain) certificate(s) only.
user_ca //!< Verify peer via specific (possibly chain) certificate(s) only.
};
struct ssl_authentication_t