From 1d63395fd13b8606f502714ee9854b6a5776929f Mon Sep 17 00:00:00 2001
From: JT Olio
Date: Fri, 7 Apr 2023 12:10:38 -0400
Subject: [PATCH] storagenode/peer: don't require CA whitelist any longer

this change makes it so that the storage node no longer cares if the cert of peers it talks to has been signed by the sno registration server. this is fine because the only reason a storage node would talk to a peer besides the explicitly configured satellites is because a satellite told it to. we have already disabled this on uplinks (uplinks don't care about the peer ca whitelist), and we are starting to consider disabling this on satellites entirely. however, before we really can disable it on satellites, we need to disable it on storage nodes so that graceful exit and node to node transfers can work correctly.

Change-Id: I2e0a0781bd247e574b82f0065aafb88804e59c71
---
 storagenode/peer.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/storagenode/peer.go b/storagenode/peer.go
index 35970224f..25d13c4d4 100644
--- a/storagenode/peer.go
+++ b/storagenode/peer.go
@@ -366,6 +366,7 @@ func New(log *zap.Logger, full *identity.FullIdentity, db DB, revocationDB exten
 { // setup listener and server
 sc := config.Server
+ sc.Config.UsePeerCAWhitelist = false
 tlsOptions, err := tlsopts.NewOptions(peer.Identity, sc.Config, revocationDB)
 if err != nil {
 return nil, errs.Combine(err, peer.Close())
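Review bot: The added `sc.Config.UsePeerCAWhitelist = false` overrides the operator's configured value without leaving any trace, so a node whose config still enables the whitelist will quietly run without it. I would log that before the override, e.g. `if sc.Config.UsePeerCAWhitelist { log.Warn("peer CA whitelist setting is ignored; peers are no longer checked against it") }`, and put a comment on the assignment such as `// CA whitelist intentionally disabled: non-satellite peers are only contacted at a satellite's direction`. The block is labelled "setup listener and server", so these TLS options presumably also govern inbound connections, while the commit message argues only from peers the node dials; it is worth confirming that inbound authorization never depended on the whitelist and that revocation checking through `revocationDB` is unaffected. New's body starts and ends outside the hunk, so how `tlsOptions` is used afterwards is not visible here.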