a3b0284837
Specifying SSL certificates for peer verification does an exact match, making it a not-so-obvious alias for the fingerprints option. This changes the checks to OpenSSL which loads concatenated certificate(s) from a single file and does a certificate-authority (chain of trust) check instead. There is no drop in security - a compromised exact match fingerprint has the same worse case failure. There is increased security in allowing separate long-term CA key and short-term SSL server keys. This also removes loading of the system-default CA files if a custom CA file or certificate fingerprint is specified. |
||
---|---|---|
.. | ||
demo | ||
include | ||
src | ||
tests | ||
CMakeLists.txt | ||
LICENSE.txt | ||
README.md |
README.md
epee - is a small library of helpers, wrappers, tools and and so on, used to make my life easier.