Closed redred77 closed 5 years ago
The option was lost by a refactor. But it makes sense, in my opinion, to re-add a way.
Agree ... may be useful for controlled environments with self-signed certificates.
@redred77 could you please clarify whether you're experiencing problems with public pools or if you're trying to connect to some self-signed certificate? Exactly which is the issue?
@AndreaLanfranchi I want to connect to miningpoolhub.com. miningpoolhub's all mining ports are compatible with ssl(tls) connections but it's self-signed.
@redred77 I'm not sure about your statement. The site miningpoolhub.com has a public valid certificate. Nevertheless I can't see on their site any indication about ssl/tls ports for stratum mining.
> miningpoolhub's all mining ports are compatible with ssl(tls)

This makes no sense to me: a port can be either protected or not protected ... a port can't be both.
@AndreaLanfranchi Hi, this is miningpoolhub. We use some trick to distinguish secure/normal connection attempts and allocate appropriate socket for each of them. About a year ago we tried to support zcash miner's tls connection and applied this trick to all ports. Currently, "us-east.ethash-hub.miningpoolhub.com:20535" port supports both normal and secure connection for ethereum mining. This works well with claymore -checkcert 0 option. (Actually no miner checked certification at that time, so we used self-signed)
Website uses cloudflare's certification. We haven't applied public valid certification to mining ports. I think it's good to enable that option.
@miningpoolhub interesting to hear. This means, I guess, you implemented an intermediate layer (a proxy) to identify plain vs encrypted connections and eventually redirect to effective port.
I personally strongly discourage the override of certificate chain validation as it silently exposes users to risks like spoofing and ip redirect: certificate validation is there to ensure both endpoints are what they're meant to be.
Nevertheless the option has been re-enabled. Hope you'll implement public certificate validation soon.
Regards.
@miningpoolhub Using letsencrypt would cost no coin :wink: - maybe you can use it? (Knowing the certificate has "only" a ~3 month valid time)
@AndreaLanfranchi Yeah it's similar. Little trick but makes things less confusing for users. I understand and agree with the need for certificate validation from a security point of view. But actually I couldn't see some serious demand for this feature because nobody asked about this before.
@StefanOberhumer Thank you for the info. I knew letsencrypt but a bit lazy to implement it. I'll look into it. Or maybe I'll purchase other simple traditional one.
Solved by PR #1630
**Is your feature request related to a problem? Please describe.**
I want to connect via ssl but certificate verification is the problem.

**Describe the solution you'd like**
I just want to skip that verification.

**Describe alternatives you've considered**
I could find some comments and discussions but anything works for latest version.
https://github.com/ethereum-mining/ethminer/blob/master/libpoolprotocols/stratum/EthStratumClient.cpp#L571 "* Disable certificate verification all-together via command-line option.";
What is the option for this? Is it deprecated?