Commit 19f33952 authored by Juan Batiz-Benet

daemon option to optionally disable secio



This commit adds an option to turn off all encryption. This is a mode
used for tests, debugging, achieving protocol implementation interop,
learning about how the protocol works (nc ftw), and worst case
networks which _demand_ to be able to snoop on all the traffic.
(sadly, there are some private intranets like this...). (We should
consider at least _signing_ all this traffic.)

Because of the severity of this sort of thing, this is an
all-or-nothing deal. Either encryption is ON or OFF _fully_.
This way, partially unencrypted nodes cannot be accidentally left
running without the user's understanding. Nodes without encrypted
connections will simply not be able to speak to any of the global
bootstrap nodes, or anybody in the public network.

License: MIT
Signed-off-by: Juan Batiz-Benet <juan@benet.ai>
parent 49b35719
...@@ -60,7 +60,7 @@ func (d *Dialer) Dial(ctx context.Context, raddr ma.Multiaddr, remote peer.ID) ( ...@@ -60,7 +60,7 @@ func (d *Dialer) Dial(ctx context.Context, raddr ma.Multiaddr, remote peer.ID) (
return return
} }
if d.PrivateKey == nil { if d.PrivateKey == nil || EncryptConnections == false {
log.Warning("dialer %s dialing INSECURELY %s at %s!", d, remote, raddr) log.Warning("dialer %s dialing INSECURELY %s at %s!", d, remote, raddr)
connOut = c connOut = c
return return
......
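Review bot: The new condition `d.PrivateKey == nil || EncryptConnections == false` sends two different situations down the same path with the same warning, so the log cannot tell an operator whether the dialer has no key or encryption was switched off globally. Consider separate messages for the two causes, and write the check as `!EncryptConnections`. Note also that on this path `connOut = c` is returned without any use of `remote`, so the caller gets a connection whose peer identity was never verified; a comment at this return saying so would help callers that assume `Dial` authenticates the peer.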
...@@ -93,3 +93,11 @@ type Listener interface { ...@@ -93,3 +93,11 @@ type Listener interface {
// Any blocked Accept operations will be unblocked and return errors. // Any blocked Accept operations will be unblocked and return errors.
Close() error Close() error
} }
// EncryptConnections is a global parameter because it should either be
// enabled or _completely disabled_. I.e. a node should only be able to talk
// to proper (encrypted) networks if it is encrypting all its transports.
// Running a node with disabled transport encryption is useful to debug the
// protocols, achieve implementation interop, or for private networks which
// -- for whatever reason -- _must_ run unencrypted.
var EncryptConnections = true
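Review bot: `var EncryptConnections = true` is an exported, mutable package variable, so any importing package can flip it at any time, and the plain reads added in `Dial` and `Accept` mean a change made after startup yields a node with some encrypted and some plaintext connections, which is the partial state the doc comment says must not happen. The comment should state that the value may only be set once, before any dialer or listener is created; an unexported variable behind a setter that is called at daemon startup would enforce that rather than document it.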
...@@ -107,7 +107,7 @@ func (l *listener) Accept() (net.Conn, error) { ...@@ -107,7 +107,7 @@ func (l *listener) Accept() (net.Conn, error) {
return nil, err return nil, err
} }
if l.privk == nil { if l.privk == nil || EncryptConnections == false {
log.Warning("listener %s listening INSECURELY!", l) log.Warning("listener %s listening INSECURELY!", l)
return c, nil return c, nil
} }
......
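Review bot: The warning for the plaintext path sits inside `Accept`, just before `return c, nil`, so it is emitted once per inbound connection and not at all until a peer connects; a daemon started with encryption off shows nothing in the log until then. Consider logging once when the listener is created with `EncryptConnections` false, and including the remote address in the per-connection message so the unencrypted peers can be identified. As in `Dial`, `l.privk == nil || EncryptConnections == false` merges two causes under one message, and `!EncryptConnections` is the idiomatic form.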