Implement Server SSL fingerprint check
If we connect to an SSL server (not STARTTLS) and no CA cert has been specified for verification, we check the configured SSL fingerprint and bail out in case it has not been set yet, or it does not match. This means one more mandatory option for SSL configuration, but it improves security a lot.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Committed by: Nicolas Sebrecht
Parent: 5cbec30b3e
Commit: 8800fa37a3
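The decision the commit message describes, written out as an added example; it is not code from this commit or project. The function names, the `ca_cert_file` parameter and the sample certificate bytes are assumptions made for illustration; only `cert_fingerprint` and the use of SHA-1 come from the page.

```python
import hashlib


class CertificateCheckError(Exception):
    """Raised when the server certificate cannot be trusted."""


def normalize_fingerprint(value):
    # Accept "AA:BB:..." or "aabb..." and compare on lowercase hex only.
    return value.replace(":", "").replace(" ", "").strip().lower()


def check_server_cert(der_cert, ca_cert_file=None, cert_fingerprint=None):
    """Decide whether an SSL (not STARTTLS) connection may proceed.

    der_cert: server certificate in DER form, e.g. the bytes returned by
    ssl.SSLSocket.getpeercert(binary_form=True).
    ca_cert_file: hypothetical name for the configured CA certificate path.
    Returns the name of the check the connection relied on.
    """
    if ca_cert_file:
        # A CA cert is configured: chain validation is left to the TLS layer.
        return "ca"
    actual = hashlib.sha1(der_cert).hexdigest()
    if not cert_fingerprint:
        # Fail closed, and report the value so the user can verify it
        # out of band before putting it in the configuration.
        raise CertificateCheckError(
            "no CA cert and no cert_fingerprint configured; "
            "server presented sha1 fingerprint " + actual)
    expected = normalize_fingerprint(cert_fingerprint)
    if expected != actual:
        raise CertificateCheckError(
            "fingerprint mismatch: configured %s, server presented %s"
            % (expected, actual))
    return "fingerprint"


# Constructed sample bytes standing in for a DER-encoded certificate.
SAMPLE_CERT = b"constructed-sample-der-certificate"
SAMPLE_PIN = hashlib.sha1(SAMPLE_CERT).hexdigest()
```
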
@ -17,6 +17,10 @@ New Features
|
||||
synchronization, but only skip that message, informing the user at the
|
||||
end of the sync run.
|
||||
|
||||
* If you connect via ssl and 'cert_fingerprint' is configured, we check
|
||||
that the server certificate is actually known and identical by
|
||||
comparing the stored sha1 fingerprint with the current one.
|
||||
|
||||
Changes
|
||||
-------
|
||||
|
||||
|
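Review bot: The added "New Features" entry ("If you connect via ssl and 'cert_fingerprint' is configured, we check ...") covers only the case where the option is set, while the commit message says the connection bails out when no CA cert is specified and the fingerprint has not been set yet. That makes the option mandatory for existing SSL setups without a CA cert, so the entry should say so, and the behaviour change probably deserves a line under "Changes" as well, for example: "SSL connections without a CA cert now fail unless 'cert_fingerprint' is set and matches." The entry also does not say how a user obtains the sha1 fingerprint to configure; a short pointer would help. Finally, SHA-1 is a weak digest to introduce in a new pinning feature; consider accepting a SHA-256 fingerprint.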