-
It's mainly about the way we parse and validate them. Almost all of the parts of validation that were being done in modules/policy/policy.lua and daemon/tls.c got moved to daemon/bindings/net.c, so it's easier to follow that. Also more checks are being done now, e.g. contents of .pin_sha256 and .hostname strings.
