From bb93a4934971da95c16c287d7ac9d90a5101da42 Mon Sep 17 00:00:00 2001 From: Roy Lee Date: Mon, 11 Jul 2022 16:44:18 -0700 Subject: [PATCH] [lbry] config: allow non-localhost connections with TLS disabled --- config.go | 16 +--------------- doc.go | 4 +--- 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/config.go b/config.go index aee85c3f..1e5f0392 100644 --- a/config.go +++ b/config.go @@ -977,13 +977,8 @@ func loadConfig() (*config, []string, error) { // Only allow TLS to be disabled if the RPC is bound to localhost // addresses. if !cfg.DisableRPC && cfg.DisableTLS { - allowedTLSListeners := map[string]struct{}{ - "localhost": {}, - "127.0.0.1": {}, - "::1": {}, - } for _, addr := range cfg.RPCListeners { - host, _, err := net.SplitHostPort(addr) + _, _, err := net.SplitHostPort(addr) if err != nil { str := "%s: RPC listen interface '%s' is " + "invalid: %v" @@ -992,15 +987,6 @@ func loadConfig() (*config, []string, error) { fmt.Fprintln(os.Stderr, usageMessage) return nil, nil, err } - if _, ok := allowedTLSListeners[host]; !ok { - str := "%s: the --notls option may not be used " + - "when binding RPC to non localhost " + - "addresses: %s" - err := fmt.Errorf(str, funcName, addr) - fmt.Fprintln(os.Stderr, err) - fmt.Fprintln(os.Stderr, usageMessage) - return nil, nil, err - } } } diff --git a/doc.go b/doc.go index 84a96ea8..fc7e4573 100644 --- a/doc.go +++ b/doc.go @@ -102,9 +102,7 @@ Application Options: server is disabled by default if no rpcuser/rpcpass or rpclimituser/rpclimitpass is specified - --notls Disable TLS for the RPC server -- NOTE: This is - only allowed if the RPC server is bound to - localhost + --notls Disable TLS for the RPC server --onion= Connect to tor hidden services via SOCKS5 proxy (eg. 127.0.0.1:9050) --onionpass= Password for onion proxy server