Add an opt-out to the SSL enforcement for running in a container.

2025-03-08 17:19:01 -05:00 · 2025-03-02 12:58:40 +00:00 · 2025-03-02 12:58:40 +00:00 · 42afdfd072
commit 42afdfd072
parent 030d710575
1 changed files with 12 additions and 1 deletions
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@ -23,6 +23,8 @@
 */


+#include <filesystem>
+
 #include "inspircd.h"
 #include "modules/ssl.h"

@ -33,6 +35,15 @@
 #include "treesocket.h"
 #include "commands.h"

+namespace
+{
+	bool RunningInContainer()
+	{
+		std::error_code ec;
+		return std::filesystem::is_regular_file("/.dockerenv", ec);
+	}
+}
+
 /*
 * Some server somewhere in the network introducing another server.
 *	-- w
@ -139,7 +150,7 @@ std::shared_ptr<Link> TreeSocket::AuthRemote(const CommandBase::Params& params)
 			ssliohook->GetCiphersuite(ciphersuite);
 			ServerInstance->SNO.WriteToSnoMask('l', "Negotiated ciphersuite {} on link {}", ciphersuite, x->Name);
 		}
-		else if (!capab->remotesa.is_local())
+		else if (!capab->remotesa.is_local() && !RunningInContainer())
 		{
 			this->SendError("Non-local server connections MUST be linked with SSL!");
 			return nullptr;