Open xloem opened 2 years ago
I'd be curious to see an estimate of how many servers do and don't. I know my server is self-signed currently.
Hey, it's been a while since I worked on this and I don't remember it well, but it's a feature I tend to worry about if missing from peer to peer projects. I'm afraid I'm not presently using electrum or bsv.
I do think there are lots of great further improvements in addition to this one, to include self-signed certificates, such as exchanging public keys of peers, and pinning certificates. One can also get a free signature at letsencrypt.org .
It turns out electrumx is configured to not ever verify certificates.
Some of the server certificates are actually configured with authorities and can be verified.
In these changes I attempted to default to verifying certificates, and provide a warning if it fails. It would be safer to mark the peers bad but I'm not sure there are that many hosts with certificates in the chain of trust.