JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

storagenode/peer: don't require CA whitelist any longer

Browse Source 
this change makes it so that the storage node no longer
cares if the cert of peers it talks to has been signed
by the sno registration server. this is fine because
the only reason a storage node would talk to a peer
besides the explicitly configured satellites is because
a satellite told it to.

we have already disabled this on uplinks (uplinks don't
care about the peer ca whitelist), and we are starting
to consider disabling this on satellites entirely.
however, before we really can disable it on satellites,
we need to disable it on storage nodes so that graceful
exit and node to node transfers can work correctly.

Change-Id: I2e0a0781bd247e574b82f0065aafb88804e59c71
This commit is contained in:
JT Olio 2023-04-07 12:10:38 -04:00 committed by Storj Robot
parent 5b65e10563
commit 1d63395fd1
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
storagenode/peer.go
View File

@ -366,6 +366,7 @@ func New(log *zap.Logger, full *identity.FullIdentity, db DB, revocationDB exten
{ // setup listener and server { // setup listener and server
sc := config.Server sc := config.Server
sc.Config.UsePeerCAWhitelist = false
tlsOptions, err := tlsopts.NewOptions(peer.Identity, sc.Config, revocationDB) tlsOptions, err := tlsopts.NewOptions(peer.Identity, sc.Config, revocationDB)
if err != nil { if err != nil {
return nil, errs.Combine(err, peer.Close()) return nil, errs.Combine(err, peer.Close())