cypherstack / stack_wallet

Stack Wallet, a multicoin, cryptocurrency wallet
https://stackwallet.com
GNU General Public License v3.0

Validate SSL certificate for electrum servers #523

Open danrmiller opened 1 year ago

danrmiller commented 1 year ago

There is no warning given if a TLS certificate for an electrum server is self-signed, expired, etc. Please add a warning, show fingerprint, and allow user to choose if they want to still connect, in a similar manner to how it's handled for monero servers.

sneurlax commented 1 year ago

https://github.com/cypherstack/stack_wallet/blob/b41d31fd32738879f7fe52dc769faa82c60f377b/lib/electrumx_rpc/rpc.dart#LL58C26-L58C26 is where certs are currently ignored

sneurlax commented 1 year ago

Without adding too much additional UI, we could add an advanced setting to accept bad certificates. It'd be better to add it with a more intuitive design, but that could be a minimalist change which could add some safety while still preserving the ability to connect to servers with bad or self-signed certificates

sneurlax commented 1 year ago

nvm, having discussed this, it'd probably be better to do what we do for monero or else show a dialog/modal
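
Added example, not part of the thread and not Stack Wallet's code: one way to get the requested behaviour with Dart's `SecureSocket`, where a certificate that fails validation is accepted only if the user has already approved its exact SHA-256 fingerprint for that server. `connectElectrum`, `askUser` and the in-memory `acceptedFingerprints` map are hypothetical names; a real wallet would persist the map, and `package:crypto` is assumed as a dependency.

```dart
import 'dart:async';
import 'dart:io';

import 'package:crypto/crypto.dart';

/// Hypothetical trust store: "host:port" -> fingerprints the user accepted.
final Map<String, Set<String>> acceptedFingerprints = {};

/// Colon-separated SHA-256 over the DER encoding of the certificate.
String fingerprint(X509Certificate cert) => sha256
    .convert(cert.der)
    .bytes
    .map((b) => b.toRadixString(16).padLeft(2, '0').toUpperCase())
    .join(':');

/// Connects over TLS. A certificate that fails platform validation is
/// accepted only if the user approved that exact fingerprint for this server.
Future<SecureSocket> connectElectrum(
  String host,
  int port, {
  required Future<bool> Function(X509Certificate cert, String fp) askUser,
}) async {
  final key = '$host:$port';
  X509Certificate? rejected;

  // onBadCertificate is synchronous, so it cannot wait for a dialog: it only
  // consults the stored decisions and records the certificate it refused.
  bool onBad(X509Certificate cert) {
    final ok = acceptedFingerprints[key]?.contains(fingerprint(cert)) ?? false;
    if (!ok) rejected = cert;
    return ok;
  }

  try {
    return await SecureSocket.connect(host, port,
        onBadCertificate: onBad, timeout: const Duration(seconds: 10));
  } on HandshakeException {
    final cert = rejected;
    if (cert == null) rethrow; // failure unrelated to certificate trust
    // UI shows subject, issuer, validity dates and fingerprint, then decides.
    if (!await askUser(cert, fingerprint(cert))) rethrow;
    acceptedFingerprints.putIfAbsent(key, () => {}).add(fingerprint(cert));
    // Retry: the approved fingerprint passes, any other certificate fails.
    return SecureSocket.connect(host, port,
        onBadCertificate: onBad, timeout: const Duration(seconds: 10));
  }
}
```

Because the decision is keyed on the fingerprint rather than a global "accept bad certificates" switch, a server that later presents a different untrusted certificate triggers the prompt again.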

danrmiller commented 1 year ago

Oops, I somehow forgot there was already #245. I'll close that one since unlike this one it has no discussion.