implement disable TLS validation config option
Signed-off-by: June Clementine Strawberry <june@3.dog>
parent
0e342aab7f
commit
0e2ca7d719
4 changed files with 19 additions and 2 deletions
|
@ -32,6 +32,8 @@ allow_legacy_media = true
|
|||
startup_netburst = true
|
||||
startup_netburst_keep = -1
|
||||
|
||||
allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure = true
|
||||
|
||||
# valgrind makes things so slow
|
||||
dns_timeout = 60
|
||||
dns_attempts = 20
|
||||
|
|
|
@ -28,6 +28,10 @@ pub fn check(config: &Config) -> Result {
|
|||
warn!("Note: conduwuit was built without optimisations (i.e. debug build)");
|
||||
}
|
||||
|
||||
if config.allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure {
|
||||
warn!("\n\nWARNING: \n\nTLS CERTIFICATE VALIDATION IS DISABLED, THIS IS HIGHLY INSECURE AND SHOULD NOT BE USED IN PRODUCTION.\n\n");
|
||||
}
|
||||
|
||||
warn_deprecated(config);
|
||||
warn_unknown_key(config);
|
||||
|
||||
|
|
|
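Review bot: The new branch in `check` only logs and then continues, and the message never names the option that triggered it, so an operator who sees it in the log has nothing to search the config for. The leading and trailing `\n\n` also split one event across several log lines, which is awkward for line-based log collection and alerting. I would name the key and keep the message on one line: `warn!("TLS certificate validation is DISABLED by allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure; outbound connections can be intercepted. Do not use in production.");`. Since `check` already returns `Result`, it may also be worth rejecting the option outright in non-debug builds if it is only meant for test setups. The body of `check` starts and ends outside this hunk.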
@ -52,7 +52,7 @@ use crate::{Result, err, error::Error, utils::sys};
|
|||
### For more information, see:
|
||||
### https://conduwuit.puppyirl.gay/configuration.html
|
||||
"#,
|
||||
ignore = "catchall well_known tls blurhashing"
|
||||
ignore = "catchall well_known tls blurhashing allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure"
|
||||
)]
|
||||
pub struct Config {
|
||||
/// The server_name is the pretty name of this server. It is used as a
|
||||
|
@ -1806,6 +1806,16 @@ pub struct Config {
|
|||
#[serde(default = "true_fn")]
|
||||
pub config_reload_signal: bool,
|
||||
|
||||
/// Toggles ignore checking/validating TLS certificates
|
||||
///
|
||||
/// This applies to everything, including URL previews, federation requests,
|
||||
/// etc. This is a hidden argument that should NOT be used in production as
|
||||
/// it is highly insecure and I will personally yell at you if I catch you
|
||||
/// using this.
|
||||
#[serde(default)]
|
||||
pub allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure:
|
||||
bool,
|
||||
|
||||
// external structure; separate section
|
||||
#[serde(default)]
|
||||
pub blurhashing: BlurhashConfig,
|
||||
|
|
|
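Review bot: The doc comment on the new field (second hunk) opens with "Toggles ignore checking/validating TLS certificates", which does not say which way the toggle goes, what the default is, or what is lost when it is on. I would write `/// Disables TLS certificate validation for every outbound request when set to true.` followed by `/// Defaults to false.`, plus a sentence stating that with it enabled a remote server's identity is no longer verified, so federation and URL-preview traffic can be intercepted or altered in transit. The first hunk also adds the key to the `ignore = "…"` list, which presumably keeps it out of the generated example config, so this comment may be the only documentation the option has. The `Config` struct continues outside both hunks.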
@ -128,7 +128,8 @@ fn base(config: &Config) -> Result<reqwest::ClientBuilder> {
|
|||
.pool_max_idle_per_host(config.request_idle_per_host.into())
|
||||
.user_agent(conduwuit::version::user_agent())
|
||||
.redirect(redirect::Policy::limited(6))
|
||||
.connection_verbose(true);
|
||||
.danger_accept_invalid_certs(config.allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure)
|
||||
.connection_verbose(cfg!(debug_assertions));
|
||||
|
||||
#[cfg(feature = "gzip_compression")]
|
||||
{
|
||||
|
|
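Review bot: `.danger_accept_invalid_certs(...)` is applied in `base`, so the one config value switches off certificate checks for every client built on top of this builder rather than only the ones a test setup needs; reqwest then accepts expired, self-signed and wrong-host certificates alike. If the option exists for test environments, consider applying it only where those clients are built, or at least add a comment at the call site such as `// Turns off ALL certificate checks for every client derived from base(); test setups only.`. The same hunk also changes `.connection_verbose(true)` to `.connection_verbose(cfg!(debug_assertions))`, which is unrelated to the commit title and would be easier to audit as its own commit. `base` begins and ends outside this hunk.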