Solderpunk
88daabe091
Main motivation for this was to switch from keying the cache cert database off hostname + address to hostname + port. While making the necessary changes I refactored to reduce code duplication and make the overall flow of the TOFU checks more transparent. The check of whether the "previous certificate" has expired has been changed from using the most frequently seen previous cert to the most recently seen, which makes a *lot* more sense and is arguably a bug fix. The address column of the DB is now used only for reporting, but the column is not maintained well, or rather, the semantics are currently "address cert was first received from", and we may want something less static?

__init__.py
cache.py
certmanager.py
client.py
main.py
tofu.py
util.py