[Feature] Allow to require encryption when accepting connections
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 20 Nov 2018 16:59:41 +0000 (16:59 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 20 Nov 2018 20:45:22 +0000 (20:45 +0000)
src/worker.c
src/worker_private.h

index 544f05cbd48454b90ba4168f9e2f367e8e1cc469..9778cee08885efa32dfd5653e96307ddaeca51ed 100644 (file)
@@ -342,7 +342,7 @@ accept_socket (gint fd, short what, void *arg)
        struct rspamd_worker_ctx *ctx;
        struct rspamd_task *task;
        rspamd_inet_addr_t *addr;
-       gint nfd;
+       gint nfd, http_opts = 0;
 
        ctx = worker->ctx;
 
@@ -386,10 +386,14 @@ accept_socket (gint fd, short what, void *arg)
        /* TODO: allow to disable autolearn in protocol */
        task->flags |= RSPAMD_TASK_FLAG_LEARN_AUTO;
 
+       if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr, FALSE)) {
+               http_opts = RSPAMD_HTTP_REQUIRE_ENCRYPTION;
+       }
+
        task->http_conn = rspamd_http_connection_new (rspamd_worker_body_handler,
                        rspamd_worker_error_handler,
                        rspamd_worker_finish_handler,
-                       0,
+                       http_opts,
                        RSPAMD_HTTP_SERVER,
                        ctx->keys_cache,
                        NULL);
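Review bot: The exemption in `if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr, FALSE))` is decided only from the peer address, and nothing at the check documents that. If this worker is reached through a proxy or tunnel on the same host, every client would presumably look local and `RSPAMD_HTTP_REQUIRE_ENCRYPTION` would never be set, so the option would give no protection in that deployment. I would add a comment above the check such as `/* Local peers are exempt; behind a same-host proxy all clients appear local and encryption is not enforced */`, and extend the `encrypted_only` field comment in src/worker_private.h to say the same. accept_socket starts and ends outside this hunk.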
@@ -547,30 +551,13 @@ init_worker (struct rspamd_config *cfg)
 
        rspamd_rcl_register_worker_option (cfg,
                        type,
-                       "http",
+                       "encrypted_only",
                        rspamd_rcl_parse_struct_boolean,
                        ctx,
-                       G_STRUCT_OFFSET (struct rspamd_worker_ctx, is_http),
+                       G_STRUCT_OFFSET (struct rspamd_worker_ctx, encrypted_only),
                        0,
                        "Deprecated: always true now");
 
-       rspamd_rcl_register_worker_option (cfg,
-                       type,
-                       "json",
-                       rspamd_rcl_parse_struct_boolean,
-                       ctx,
-                       G_STRUCT_OFFSET (struct rspamd_worker_ctx, is_json),
-                       0,
-                       "Deprecated: always true now");
-
-       rspamd_rcl_register_worker_option (cfg,
-                       type,
-                       "allow_learn",
-                       rspamd_rcl_parse_struct_boolean,
-                       ctx,
-                       G_STRUCT_OFFSET (struct rspamd_worker_ctx, allow_learn),
-                       0,
-                       "Deprecated: disabled and forgotten");
 
        rspamd_rcl_register_worker_option (cfg,
                        type,
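Review bot: The new `encrypted_only` option keeps the help string of the `http` option it replaces, `"Deprecated: always true now"`, which is wrong for a setting that changes which connections are accepted. Anyone reading the option's description would take it for a no-op. Change the last argument to something like `"Require encryption for connections from non-local addresses"`. The `http`, `json` and `allow_learn` registrations are also dropped here; if the config parser rejects or warns on unknown worker options, existing configs that still carry them would be affected, which is worth confirming. init_worker continues outside this hunk.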
index fe4a6c4b39863c38f69a6501a36981e8d3716bb1..f07a95b412617846079ec333b230deae265c7c2a 100644 (file)
@@ -40,12 +40,8 @@ struct rspamd_worker_ctx {
        struct timeval io_tv;
        /* Detect whether this worker is mime worker    */
        gboolean is_mime;
-       /* HTTP worker                                                                  */
-       gboolean is_http;
-       /* JSON output                                  */
-       gboolean is_json;
-       /* Allow learning through worker                                */
-       gboolean allow_learn;
+       /* Allow encrypted requests only using network */
+       gboolean encrypted_only;
        /* Limit of tasks */
        guint32 max_tasks;
        /* Maximum time for task processing */