|
|
|
|
@ -9,6 +9,8 @@
|
|
|
|
|
|
|
|
|
|
#include "paymentrequestplus.h"
|
|
|
|
|
|
|
|
|
|
#include "util.h"
|
|
|
|
|
|
|
|
|
|
#include <stdexcept>
|
|
|
|
|
|
|
|
|
|
#include <openssl/x509.h>
|
|
|
|
|
@ -150,7 +152,13 @@ bool PaymentRequestPlus::getMerchant(X509_STORE* certStore, QString& merchant) c
|
|
|
|
|
int result = X509_verify_cert(store_ctx);
|
|
|
|
|
if (result != 1) {
|
|
|
|
|
int error = X509_STORE_CTX_get_error(store_ctx);
|
|
|
|
|
throw SSLVerifyError(X509_verify_cert_error_string(error));
|
|
|
|
|
// For testing payment requests, we allow self signed root certs!
|
|
|
|
|
// This option is just shown in the UI options, if -help-debug is enabled.
|
|
|
|
|
if (!(error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && GetBoolArg("-allowselfsignedrootcertificates", false))) {
|
|
|
|
|
throw SSLVerifyError(X509_verify_cert_error_string(error));
|
|
|
|
|
} else {
|
|
|
|
|
qDebug() << "PaymentRequestPlus::getMerchant: Allowing self signed root certificate, because -allowselfsignedrootcertificates is true.";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
X509_NAME *certname = X509_get_subject_name(signing_cert);
|
|
|
|
|
|
|
|
|
|
|
Wladimir J. van der Laan
10 years ago