From 3d150ba5da604569f075b20cc560e7d04aeac993 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Sat, 4 Apr 2026 01:41:38 +0100 Subject: Tighten up the TLS requirements for server links. Servers must now either provide a fingerprint in the link config or provide a valid certificate. There's an undocumented (for now) opt-out in the config but even with this set it still doesn't allow expired, revoked, or otherwise invalid certificates. --- modules/spanningtree/utils.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/spanningtree/utils.cpp') diff --git a/modules/spanningtree/utils.cpp b/modules/spanningtree/utils.cpp index 22b1a7a6a..797d711b2 100644 --- a/modules/spanningtree/utils.cpp +++ b/modules/spanningtree/utils.cpp @@ -285,6 +285,7 @@ void SpanningTreeUtilities::ReadConfiguration(ConfigStatus& status) L->HiddenFromStats = tag->getBool("statshidden"); L->Timeout = tag->getDuration("timeout", 30); L->Hook = tag->getString("sslprofile"); + L->AllowSelfSigned = tag->getBool("allowselfsigned", !L->Fingerprint.empty()); L->Bind = tag->getString("bind"); L->Hidden = tag->getBool("hidden"); -- cgit v1.3.1-10-gc9f91