storagenode/peer: don't require CA whitelist any longer

this change makes it so that the storage node no longer
cares if the cert of peers it talks to has been signed
by the sno registration server. this is fine because
the only reason a storage node would talk to a peer
besides the explicitly configured satellites is because
a satellite told it to.

we have already disabled this on uplinks (uplinks don't
care about the peer ca whitelist), and we are starting
to consider disabling this on satellites entirely.
however, before we really can disable it on satellites,
we need to disable it on storage nodes so that graceful
exit and node to node transfers can work correctly.

Change-Id: I2e0a0781bd247e574b82f0065aafb88804e59c71
JT Olio 2023-04-07 12:10:38 -04:00 committed by Storj Robot
parent 5b65e10563
commit 1d63395fd1

@ -366,6 +366,7 @@ func New(log *zap.Logger, full *identity.FullIdentity, db DB, revocationDB exten
{ // setup listener and server
sc := config.Server
sc.Config.UsePeerCAWhitelist = false
tlsOptions, err := tlsopts.NewOptions(peer.Identity, sc.Config, revocationDB)
if err != nil {
return nil, errs.Combine(err, peer.Close())
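
Review bot: the assignment `sc.Config.UsePeerCAWhitelist = false`, placed just before the `tlsopts.NewOptions(peer.Identity, sc.Config, revocationDB)` call, overrides whatever the operator configured, and it does so with no code comment and no log line. Suggest a short comment at this line stating why the storage node no longer checks the peer CA whitelist (the reasoning is in the commit message but will not be visible at the call site), plus a warning log when the configured value was true, so operators who have the setting enabled learn that it is now ignored. Also note that the override is applied to the local `sc` taken from `config.Server`; if `config.Server` is a struct value, any other code that reads the setting from `config.Server` directly would still see the configured value, so it is worth confirming this is the only place TLS options are built from it.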