
Validate SSL certificate for electrum servers

Open danrmiller opened this issue 2 years ago • 4 comments

There is no warning given if a TLS certificate for an electrum server is self-signed, expired, etc. Please add a warning, show fingerprint, and allow user to choose if they want to still connect, in a similar manner to how it's handled for monero servers.

danrmiller, May 05 '23 15:05

https://github.com/cypherstack/stack_wallet/blob/b41d31fd32738879f7fe52dc769faa82c60f377b/lib/electrumx_rpc/rpc.dart#LL58C26-L58C26 is where certs are currently ignored

sneurlax, May 23 '23 17:05

Without adding too much additional UI, we could add an advanced setting to accept bad certificates. It'd be better to add it with a more intuitive design, but that could be a minimalist change which could add some safety while still preserving the ability to connect to servers with bad or self-signed certificates.

sneurlax, May 25 '23 18:05

> Without adding too much additional UI, we could add an advanced setting to accept bad certificates. It'd be better to add it with a more intuitive design, but that could be a minimalist change which could add some safety while still preserving the ability to connect to servers with bad or self-signed certificates

nvm, having discussed this, it'd probably be better to do what we do for monero or else show a dialog/modal

sneurlax, May 25 '23 19:05

Oops, I somehow forgot there was already #245. I'll close that one since unlike this one it has no discussion.

danrmiller, Jun 21 '23 00:06
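An added sketch of the behaviour requested in this issue (warn, show the fingerprint, let the user decide); it is not part of the thread and not Stack Wallet's code. It assumes the connection is made with `dart:io`'s `SecureSocket.connect`; `acceptedFingerprints`, `RejectedCert`, `hexFingerprint`, `connectElectrum` and the host in `main` are hypothetical names and constructed values.

```dart
import 'dart:io';

// Hypothetical pin store: "host:port" -> fingerprint the user approved.
final Map<String, String> acceptedFingerprints = {};

// What the UI needs to show when a certificate is refused.
class RejectedCert {
  RejectedCert(this.fingerprint, this.subject, this.issuer, this.notAfter);
  final String fingerprint, subject, issuer;
  final DateTime notAfter;
}

// dart:io exposes the certificate's SHA-1 digest without an extra package.
String hexFingerprint(List<int> digest) => digest
    .map((b) => b.toRadixString(16).padLeft(2, '0').toUpperCase())
    .join(':');

// Normal validation applies. A certificate that fails it is accepted only if
// its fingerprint was approved earlier. onBadCertificate is synchronous, so it
// cannot await a dialog: it records the certificate, refuses, and the caller
// prompts the user afterwards.
Future<SecureSocket?> connectElectrum(
    String host, int port, void Function(RejectedCert) onRejected) async {
  RejectedCert? rejected;
  try {
    return await SecureSocket.connect(host, port,
        timeout: const Duration(seconds: 10),
        onBadCertificate: (X509Certificate cert) {
      final fp = hexFingerprint(cert.sha1);
      if (acceptedFingerprints['$host:$port'] == fp) return true; // pinned
      rejected = RejectedCert(fp, cert.subject, cert.issuer, cert.endValidity);
      return false; // fail closed
    });
  } on TlsException {
    if (rejected == null) rethrow; // TLS failure unrelated to the certificate
    onRejected(rejected!);
    return null;
  }
}

Future<void> main() async {
  const host = 'electrum.example.org', port = 50002; // constructed values
  try {
    final s = await connectElectrum(host, port, (c) => print(
        'Untrusted cert ${c.fingerprint}\n ${c.subject}\n until ${c.notAfter}'));
    s?.destroy();
  } on SocketException catch (e) {
    print('connect failed: $e');
  }
}
```

If the user accepts the certificate in the dialog, the caller stores `c.fingerprint` under the same `host:port` key and reconnects; a later change of certificate triggers the prompt again.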