From 42afdfd072c16bb762c5f7db9f0eed19b1acedf6 Mon Sep 17 00:00:00 2001
From: Sadie Powell <sadie@witchery.services>
Date: Sun, 2 Mar 2025 12:58:40 +0000
Subject: [PATCH] Add an opt-out to the SSL enforcement for running in a
 container.

---
 src/modules/m_spanningtree/server.cpp | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index 25fae9099..a2c6163f9 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -23,6 +23,8 @@
  */
 
 
+#include <filesystem>
+
 #include "inspircd.h"
 #include "modules/ssl.h"
 
@@ -33,6 +35,15 @@
 #include "treesocket.h"
 #include "commands.h"
 
+namespace
+{
+	bool RunningInContainer()
+	{
+		std::error_code ec;
+		return std::filesystem::is_regular_file("/.dockerenv", ec);
+	}
+}
+
 /*
  * Some server somewhere in the network introducing another server.
  *	-- w
@@ -139,7 +150,7 @@ std::shared_ptr<Link> TreeSocket::AuthRemote(const CommandBase::Params& params)
 			ssliohook->GetCiphersuite(ciphersuite);
 			ServerInstance->SNO.WriteToSnoMask('l', "Negotiated ciphersuite {} on link {}", ciphersuite, x->Name);
 		}
-		else if (!capab->remotesa.is_local())
+		else if (!capab->remotesa.is_local() && !RunningInContainer())
 		{
 			this->SendError("Non-local server connections MUST be linked with SSL!");
 			return nullptr;