From: Michael Marley
Date: Sat, 14 Feb 2015 01:12:18 +0000 (-0500)
Subject: Don't require SSL for loopback connections with --require-ssl
X-Git-Tag: 0.12-rc1~5^2
X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=commitdiff_plain;h=86399b61aa6f0d5101bf02588eb99fdcfdea3c63
Don't require SSL for loopback connections with --require-ssl
Encrypting a loopback connection is a pointless waste of computing power. This patch will allow people to use loopback connections from things like quassel-webserver without encryption while still requiring encryption for remote connections.
---
diff --git a/src/common/main.cpp b/src/common/main.cpp
index 3f6cab54..d4833a4f 100644
--- a/src/common/main.cpp
+++ b/src/common/main.cpp
@@ -161,7 +161,7 @@ int main(int argc, char **argv)
 cliParser->addSwitch("oidentd", 0, "Enable oidentd integration");
 cliParser->addOption("oidentd-conffile", 0, "Set path to oidentd configuration file", "file");
 #ifdef HAVE_SSL
- cliParser->addSwitch("require-ssl", 0, "Require SSL for client connections");
+ cliParser->addSwitch("require-ssl", 0, "Require SSL for remote (non-loopback) client connections");
 #endif
 cliParser->addSwitch("enable-experimental-dcc", 0, "Enable highly experimental and unfinished support for CTCP DCC (DANGEROUS)");
 #endif
diff --git a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp
index 75a29282..92b32c5c 100644
--- a/src/core/coreauthhandler.cpp
+++ b/src/core/coreauthhandler.cpp
@@ -158,7 +158,7 @@ void CoreAuthHandler::handle(const RegisterClient &msg)
 else
 useSsl = _connectionFeatures & Protocol::Encryption;
- if (Quassel::isOptionSet("require-ssl") && !useSsl) {
+ if (Quassel::isOptionSet("require-ssl") && !useSsl && !_peer->isLocal()) {
 _peer->dispatch(ClientDenied(tr("SSL is required!
You need to use SSL in order to connect to this core.")));
 _peer->close();
 return;
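Review bot: The added `!_peer->isLocal()` term makes the `require-ssl` check depend entirely on how the peer's socket address is classified, and `isLocal()` is defined outside this hunk, so its exact meaning (loopback only, or also local-interface or IPv4-mapped addresses) should be confirmed before relying on it. A client that reaches the core through a forwarder on the same host, such as an SSH tunnel or a reverse proxy, will presumably also be seen as local, so on those deployments the remote leg is no longer covered by `--require-ssl`. I would state that above the condition, e.g. `// Loopback peers are exempt from require-ssl; connections forwarded via localhost are not checked here.`, and log when a plaintext connection is admitted under the exemption so operators can see it. The body of `CoreAuthHandler::handle()` starts and ends outside the hunk.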