apteryx pushed a commit to branch master
in repository guix.

commit a42630e85b82ad2b5cecc9163a422084cf09ff4c
Author: Maxim Cournoyer <maxim.courno...@gmail.com>
AuthorDate: Fri Apr 11 10:58:18 2025 +0900

    services: ngircd: Expose a new ssl-verify? option.
    
    * gnu/services/messaging.scm (ngircd-server) [ssl-verify?]: New field.
    * doc/guix.texi (Messaging Services): Regenerate doc.
    
    Change-Id: Ia2d6e557bd89448d8cc2d1cd88e606e2b1ef5029
---
 doc/guix.texi              | 10 +++++++++-
 gnu/services/messaging.scm | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 88a1505779..53fd1baf26 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30738,7 +30738,15 @@ Set to @code{#t} to disable automatic connection even 
if the port value
 is specified.
 
 @item @code{ssl-connect?} (default: @code{#f}) (type: maybe-boolean)
-Connect to the remote server using TLS/SSL.
+Set to @code{#t} to enforce the use of TLS to connect to the remote
+server.
+
+@item @code{ssl-verify?} (default: @code{#t}) (type: maybe-boolean)
+Set to @code{#f} to disable the verification of the TLS certificate
+presented by the remote server.  This can be useful if the remote server
+uses a self-signed certificate.  Beware that this degrades security by
+enabling man-in-the-middle attacks, as the @emph{remote site is not
+verified at all}.
 
 @end table
 
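Review bot: The new @code{ssl-verify?} item does not state how it relates to @code{ssl-connect?}, which the item just above still defaults to @code{#f}. Certificate verification can only apply to a link that is using TLS, so a reader who sees the @code{#t} default here may assume server links are authenticated when they are not even encrypted. Suggest adding a sentence to say that the option only has an effect when @code{ssl-connect?} is @code{#t}. As the commit message notes this text is regenerated, the wording should be changed in the docstring in gnu/services/messaging.scm and the doc regenerated from it.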
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index c0f1f83d66..6607fa296a 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -141,6 +141,7 @@
             ngircd-server-group
             ngircd-server-passive?
             ngircd-server-ssl-connect?
+            ngircd-server-ssl-verify?
             ngircd-channel
             ngircd-channel?
             ngircd-channel-name
@@ -1357,7 +1358,14 @@ connections (passive, which is the default).")
 specified.")
   (ssl-connect?
    (maybe-boolean #f)
-   "Connect to the remote server using TLS/SSL.")
+   "Set to @code{#t} to enforce the use of TLS to connect to the remote
+server.")
+  (ssl-verify?
+   (maybe-boolean #t)
+   "Set to @code{#f} to disable the verification of the TLS certificate
+presented by the remote server.  This can be useful if the remote server uses
+a self-signed certificate.  Beware that this degrades security by enabling
+man-in-the-middle attacks, as the @emph{remote site is not verified at all}.")
   (prefix ngircd-))
 
 (define list-of-ngircd-servers?
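Review bot: The ssl-verify? field is added here with a default and a docstring only, and nothing in this hunk shows how a #f value ends up in the generated ngircd configuration. Please confirm that the existing serialization of ngircd-server fields emits the key ngircd expects for this option, and consider adding a test that covers both the default and the #f case. Because #f removes authentication of the remote server entirely, as the docstring itself says, it is worth being able to check that a configuration which leaves the field at its default keeps verification enabled.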
