From 834a3bf857d25dd50c9582ba93464be9605fb21e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Lam?= Date: Mon, 13 Mar 2017 22:30:32 +0100 Subject: [PATCH] Default to SSL verify on Defaulting to SSL verification off, *and* forcing it to be off even when the emulated software asks us to enable it is very bad behaviour, inaccurate and insecure. Because the old option defaulted to off, we have to change the INI option name to force the new default to be used. Unfortunate, but without this we cannot ensure our users' security. --- Source/Core/Core/ConfigManager.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Source/Core/Core/ConfigManager.cpp b/Source/Core/Core/ConfigManager.cpp index d96cb2073a..0324e2d732 100644 --- a/Source/Core/Core/ConfigManager.cpp +++ b/Source/Core/Core/ConfigManager.cpp @@ -325,7 +325,7 @@ void SConfig::SaveNetworkSettings(IniFile& ini) network->Set("SSLDumpRead", m_SSLDumpRead); network->Set("SSLDumpWrite", m_SSLDumpWrite); - network->Set("SSLVerifyCert", m_SSLVerifyCert); + network->Set("SSLVerifyCertificates", m_SSLVerifyCert); network->Set("SSLDumpRootCA", m_SSLDumpRootCA); network->Set("SSLDumpPeerCert", m_SSLDumpPeerCert); } @@ -660,7 +660,7 @@ void SConfig::LoadNetworkSettings(IniFile& ini) network->Get("SSLDumpRead", &m_SSLDumpRead, false); network->Get("SSLDumpWrite", &m_SSLDumpWrite, false); - network->Get("SSLVerifyCert", &m_SSLVerifyCert, false); + network->Get("SSLVerifyCertificates", &m_SSLVerifyCert, true); network->Get("SSLDumpRootCA", &m_SSLDumpRootCA, false); network->Get("SSLDumpPeerCert", &m_SSLDumpPeerCert, false); }