mirror of
https://github.com/sigp/lighthouse.git
synced 2026-03-20 05:14:35 +00:00
## Issue Addressed

Fix the `cargo-audit` failure for the recent openssl bug involving parsing of untrusted certificates (CVE-2022-0778).

## Additional Info

Lighthouse loads remote certificates in the following cases:

* When connecting to an eth1 node (`--eth1-endpoints`).
* When connecting to a beacon node from the VC (`--beacon-nodes`).
* When connecting to a beacon node for checkpoint sync (`--checkpoint-sync-url`).

In all of these cases we are already placing a lot of trust in the server at the other end, however due to the scope for MITM attacks we are still potentially vulnerable. E.g. an ISP could inject an invalid certificate for the remote host which would cause Lighthouse to hang indefinitely.
162 KiB