mirror of
https://github.com/monero-project/monero.git
synced 2025-03-20 02:36:06 -04:00
0416764cae
If SSL is "enabled" via command line without specifying a fingerprint or certificate, the system CA list is checked for server verification and _now_ fails the handshake if that check fails. This change was made to remain consistent with standard SSL/TLS client behavior. This can still be overridden by using the allow any certificate flag. If the SSL behavior is autodetect, the system CA list is still checked but a warning is logged if this fails. The stream is not rejected because a re-connect will be attempted - its better to have an unverified encrypted stream than an unverified + unencrypted stream.
epee - is a small library of helpers, wrappers, tools and and so on, used to make my life easier.