aboutsummaryrefslogtreecommitdiff
path: root/modules/spanningtree/utils.cpp
diff options
context:
space:
mode:
authorGravatar Sadie Powell2026-04-04 01:41:38 +0100
committerGravatar Sadie Powell2026-04-04 01:51:38 +0100
commit3d150ba5da604569f075b20cc560e7d04aeac993 (patch)
tree632d544c28d261424aab96c276494fba05b9c800 /modules/spanningtree/utils.cpp
parentFix determining if a TLS certificate is usable. (diff)
Tighten up the TLS requirements for server links.
Servers must now either provide a fingerprint in the link config or provide a valid certificate. There's an undocumented (for now) opt-out in the config but even with this set it still doesn't allow expired, revoked, or otherwise invalid certificates.
Diffstat (limited to 'modules/spanningtree/utils.cpp')
-rw-r--r--modules/spanningtree/utils.cpp1
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/spanningtree/utils.cpp b/modules/spanningtree/utils.cpp
index 22b1a7a6a..797d711b2 100644
--- a/modules/spanningtree/utils.cpp
+++ b/modules/spanningtree/utils.cpp
@@ -285,6 +285,7 @@ void SpanningTreeUtilities::ReadConfiguration(ConfigStatus& status)
L->HiddenFromStats = tag->getBool("statshidden");
L->Timeout = tag->getDuration("timeout", 30);
L->Hook = tag->getString("sslprofile");
+ L->AllowSelfSigned = tag->getBool("allowselfsigned", !L->Fingerprint.empty());
L->Bind = tag->getString("bind");
L->Hidden = tag->getBool("hidden");