add (back) query_trusted_key_servers_first w/ additional configuration detail
Signed-off-by: Jason Volk <jason@zemos.net>
This commit is contained in:
Jason Volk
strawberry
parent
ac75ebee8a
commit
b505f0d0d7
4 changed files with 116 additions and 23 deletions
|
|
@ -490,6 +490,35 @@ pub struct Config {
|
|||
#[serde(default = "default_trusted_servers")]
|
||||
pub trusted_servers: Vec<OwnedServerName>,
|
||||
|
||||
/// Whether to query the servers listed in trusted_servers first or query
|
||||
/// the origin server first. For best security, querying the origin server
|
||||
/// first is advised to minimize the exposure to a compromised trusted
|
||||
/// server. For maximum performance this can be set to true, however other
|
||||
/// options exist to query trusted servers first under specific high-load
|
||||
/// circumstances and should be evaluated before setting this to true.
|
||||
#[serde(default)]
|
||||
pub query_trusted_key_servers_first: bool,
|
||||
|
||||
/// Whether to query the servers listed in trusted_servers first
|
||||
/// specifically on room joins. This option limits the exposure to a
|
||||
/// compromised trusted server to room joins only. The join operation
|
||||
/// requires gathering keys from many origin servers which can cause
|
||||
/// significant delays. Therefor this defaults to true to mitigate
|
||||
/// unexpected delays out-of-the-box. The security-paranoid or those
|
||||
/// willing to tolerate delays are advised to set this to false. Note that
|
||||
/// setting query_trusted_key_servers_first to true causes this option to
|
||||
/// be ignored.
|
||||
#[serde(default = "true_fn")]
|
||||
pub query_trusted_key_servers_first_on_join: bool,
|
||||
|
||||
/// Only query trusted servers for keys and never the origin server. This is
|
||||
/// intended for clusters or custom deployments using their trusted_servers
|
||||
/// as forwarding-agents to cache and deduplicate requests. Notary servers
|
||||
/// do not act as forwarding-agents by default, therefor do not enable this
|
||||
/// unless you know exactly what you are doing.
|
||||
#[serde(default)]
|
||||
pub only_query_trusted_key_servers: bool,
|
||||
|
||||
/// max log level for conduwuit. allows debug, info, warn, or error
|
||||
/// see also: https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives
|
||||
/// **Caveat**:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue