From 86399b61aa6f0d5101bf02588eb99fdcfdea3c63 Mon Sep 17 00:00:00 2001
From: Michael Marley
Date: Fri, 13 Feb 2015 20:12:18 -0500
Subject: [PATCH] Don't require SSL for loopback connections with --require-ssl

Encrypting a loopback connection is a pointless waste of computing power. This patch will allow people to use loopback connections from things like quassel-webserver without encryption while still requiring encryption for remote connections.
---
 src/common/main.cpp | 2 +-
 src/core/coreauthhandler.cpp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/common/main.cpp b/src/common/main.cpp
index 3f6cab54..d4833a4f 100644
--- a/src/common/main.cpp
+++ b/src/common/main.cpp
@@ -161,7 +161,7 @@ int main(int argc, char **argv)
 cliParser->addSwitch("oidentd", 0, "Enable oidentd integration");
 cliParser->addOption("oidentd-conffile", 0, "Set path to oidentd configuration file", "file");
 #ifdef HAVE_SSL
- cliParser->addSwitch("require-ssl", 0, "Require SSL for client connections");
+ cliParser->addSwitch("require-ssl", 0, "Require SSL for remote (non-loopback) client connections");
 #endif
 cliParser->addSwitch("enable-experimental-dcc", 0, "Enable highly experimental and unfinished support for CTCP DCC (DANGEROUS)");
 #endif
diff --git a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp
index 75a29282..92b32c5c 100644
--- a/src/core/coreauthhandler.cpp
+++ b/src/core/coreauthhandler.cpp
@@ -158,7 +158,7 @@ void CoreAuthHandler::handle(const RegisterClient &msg)
 else useSsl = _connectionFeatures & Protocol::Encryption;
- if (Quassel::isOptionSet("require-ssl") && !useSsl) {
+ if (Quassel::isOptionSet("require-ssl") && !useSsl && !_peer->isLocal()) {
 _peer->dispatch(ClientDenied(tr("SSL is required!
You need to use SSL in order to connect to this core.")));
 _peer->close();
 return;
-- 2.20.1
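Review bot: The new `!_peer->isLocal()` exemption in the `require-ssl` check makes the encryption guarantee depend on how the peer's address is classified, and isLocal() is not visible in this hunk. If it is derived from the socket's peer address, a client that reaches the core through a forwarder, tunnel endpoint or reverse proxy on the same host would presumably be treated as loopback and accepted without encryption, so `--require-ssl` would no longer cover that deployment. I would record the assumption directly above the condition, e.g. `// Loopback peers are exempt from --require-ssl; isLocal() must reflect the real client address, not a local proxy's.`, and consider making the exemption a separate opt-in switch so existing `--require-ssl` setups keep their stricter behaviour. The body of CoreAuthHandler::handle() starts and ends outside the hunk.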