d0s3t3ch/wownero
1
0
Fork 0
mirror of https://git.wownero.com/wownero/wownero.git synced 2024-08-15 01:03:23 +00:00
Code Issues Projects Releases Wiki Activity

Add verify_fail_if_no_cert option for proper client authentication

Browse source 
Using `verify_peer` on server side requests a certificate from the
client. If no certificate is provided, the server silently accepts the
connection and rejects if the client sends an unexpected certificate.
Adding `verify_fail_if_no_cert` has no affect on client and for server
requires that the peer sends a certificate or fails the handshake. This
is the desired behavior when the user specifies a fingerprint or CA file.
This commit is contained in:
Lee Clagett 2019-03-17 16:11:42 -04:00
parent 21eb1b0725
commit 96d602ac84
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
contrib/epee/src/net_ssl.cpp
View file

@ -330,7 +330,7 @@ bool ssl_options_t::handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::soc
socket.set_verify_mode(boost::asio::ssl::verify_none); socket.set_verify_mode(boost::asio::ssl::verify_none);
else else
{ {
socket.set_verify_mode(boost::asio::ssl::verify_peer); socket.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);
socket.set_verify_callback([&](bool preverified, boost::asio::ssl::verify_context &ctx) socket.set_verify_callback([&](bool preverified, boost::asio::ssl::verify_context &ctx)
{ {
// preverified means it passed system or user CA check. System CA is never loaded // preverified means it passed system or user CA check. System CA is never loaded