diff options
| author | 2026-04-04 01:41:38 +0100 | |
|---|---|---|
| committer | 2026-04-04 01:51:38 +0100 | |
| commit | 3d150ba5da604569f075b20cc560e7d04aeac993 (patch) | |
| tree | 632d544c28d261424aab96c276494fba05b9c800 /modules/spanningtree/utils.cpp | |
| parent | Fix determining if a TLS certificate is usable. (diff) | |
Tighten up the TLS requirements for server links.
Servers must now either provide a fingerprint in the link config or provide a
valid certificate. There's an undocumented (for now) opt-out in the config but
even with this set it still doesn't allow expired, revoked, or otherwise invalid
certificates.
Diffstat (limited to 'modules/spanningtree/utils.cpp')
| -rw-r--r-- | modules/spanningtree/utils.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/spanningtree/utils.cpp b/modules/spanningtree/utils.cpp index 22b1a7a6a..797d711b2 100644 --- a/modules/spanningtree/utils.cpp +++ b/modules/spanningtree/utils.cpp @@ -285,6 +285,7 @@ void SpanningTreeUtilities::ReadConfiguration(ConfigStatus& status) L->HiddenFromStats = tag->getBool("statshidden"); L->Timeout = tag->getDuration("timeout", 30); L->Hook = tag->getString("sslprofile"); + L->AllowSelfSigned = tag->getBool("allowselfsigned", !L->Fingerprint.empty()); L->Bind = tag->getString("bind"); L->Hidden = tag->getBool("hidden"); |
