diff options
| author | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2025-04-11 10:58:18 +0900 |
|---|---|---|
| committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2025-04-14 10:34:51 +0900 |
| commit | a42630e85b82ad2b5cecc9163a422084cf09ff4c (patch) | |
| tree | 3a82fa95cc79db11213ce7ae6de473930162621d | |
| parent | f47ff4fccec1a5ec8b939e9d7f54dffb4ef673d9 (diff) | |
| download | guix-a42630e85b82ad2b5cecc9163a422084cf09ff4c.tar.gz guix-a42630e85b82ad2b5cecc9163a422084cf09ff4c.zip | |
services: ngircd: Expose a new ssl-verify? option.
* gnu/services/messaging.scm (ngircd-server) [ssl-verify?]: New field.
* doc/guix.texi (Messaging Services): Regenerate doc.
Change-Id: Ia2d6e557bd89448d8cc2d1cd88e606e2b1ef5029
| -rw-r--r-- | doc/guix.texi | 10 | ||||
| -rw-r--r-- | gnu/services/messaging.scm | 10 |
2 files changed, 18 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 88a1505779..53fd1baf26 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -30738,7 +30738,15 @@ Set to @code{#t} to disable automatic connection even if the port value is specified. @item @code{ssl-connect?} (default: @code{#f}) (type: maybe-boolean) -Connect to the remote server using TLS/SSL. +Set to @code{#t} to enforce the use of TLS to connect to the remote +server. + +@item @code{ssl-verify?} (default: @code{#t}) (type: maybe-boolean) +Set to @code{#f} to disable the verification of the TLS certificate +presented by the remote server. This can be useful if the remote server +uses a self-signed certificate. Beware that this degrades security by +enabling man-in-the-middle attacks, as the @emph{remote site is not +verified at all}. @end table diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index c0f1f83d66..6607fa296a 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm @@ -141,6 +141,7 @@ ngircd-server-group ngircd-server-passive? ngircd-server-ssl-connect? + ngircd-server-ssl-verify? ngircd-channel ngircd-channel? ngircd-channel-name @@ -1357,7 +1358,14 @@ connections (passive, which is the default).") specified.") (ssl-connect? (maybe-boolean #f) - "Connect to the remote server using TLS/SSL.") + "Set to @code{#t} to enforce the use of TLS to connect to the remote +server.") + (ssl-verify? + (maybe-boolean #t) + "Set to @code{#f} to disable the verification of the TLS certificate +presented by the remote server. This can be useful if the remote server uses +a self-signed certificate. Beware that this degrades security by enabling +man-in-the-middle attacks, as the @emph{remote site is not verified at all}.") (prefix ngircd-)) (define list-of-ngircd-servers? |