Clarify certificate verification in Cisco CSD trojan scripts
The desired logic is that:
- When
CSD_SHA256
is empty or not set, let cURL verify certificates using the usual default method. - When a public key is specified in
CSD_SHA256
, tell cURL to verify server certificates against that public key.
The latter is possible with cURL ≥ 7.39 and options -k --pinnedpubkey
. Unfortunately, option --pinnedpubkey
is not available in cURL < 7.39, in which case we have to skip certificate verification.
Fixes #483 (closed).
Edited by Daniel Lenski