librelp
relp tls fingerprint authentication
Would you consider adding a feature to match tls.permittedpeer fingerprints with hostnames?
Currently if you have a list of peers using omrelp to write to a "master" node, which is using imrelp and tls.authmode="fingerprint" with a list of tls.permittedpeer fingerprints, any client peer can masquerade as any other client.
To avoid this we can check if $hostname and $fromhost-ip match, but it would be more robust to check against the fingerprint.
Maybe it's possible to populate a $fingerprint variable with the connection's TLS fingerprint?
Or have a hash for tls.permittedpeer with hostname -> fingerprint to automatically drop messages (or log separately perhaps) for hostname/fingerprint mismatch?
Thanks.
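The interim check mentioned in the request, written out as an rsyslog configuration for the receiving ("master") node. This is an added example, not code from the librelp or rsyslog projects: the port, certificate paths, hostnames, IP addresses and the SHA1 fingerprints are all constructed placeholders. It shows the fingerprint-mode imrelp input that admits every listed peer equally, and then binds each expected $hostname to the TCP source address in $fromhost-ip so that a message claiming another peer's hostname from the wrong address is diverted and dropped rather than mixed into the normal log.

```rsyslog
module(load="imrelp")

# Receiving side. Every fingerprint in tls.permittedPeer is accepted as a
# valid client; this list does not tie a fingerprint to a hostname, which
# is the gap the request describes. Paths and fingerprints are constructed.
input(type="imrelp" port="2514"
      tls="on"
      tls.caCert="/etc/rsyslog.d/certs/ca.pem"
      tls.myCert="/etc/rsyslog.d/certs/collector-cert.pem"
      tls.myPrivKey="/etc/rsyslog.d/certs/collector-key.pem"
      tls.authMode="fingerprint"
      tls.permittedPeer=["SHA1:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14",
                         "SHA1:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F:20:21:22:23:24"])

# Expected source address per peer hostname (constructed values).
# $hostname comes from the message header the client wrote, so it is
# under the sender's control; $fromhost-ip is the TCP peer address and is
# the only per-connection binding available without a fingerprint variable.
set $.expected_ip = "";
if ($hostname == "peer-a") then { set $.expected_ip = "192.0.2.10"; }
if ($hostname == "peer-b") then { set $.expected_ip = "192.0.2.11"; }

# Unknown hostname, or a known hostname arriving from the wrong address:
# write it to a separate file for review and stop processing the message.
if ($.expected_ip == "" or $fromhost-ip != $.expected_ip) then {
    action(type="omfile" file="/var/log/relp-peer-mismatch.log")
    stop
}

# Messages whose hostname and source address agree reach the normal log.
action(type="omfile" file="/var/log/relp.log")
```

The mismatch file is worth alerting on: a legitimate peer whose address changed produces the same entries as a peer impersonating another, and either case needs a human to update the mapping or investigate the sender. The check is only as strong as the address binding, which is why a hostname-to-fingerprint mapping as proposed in the request would be the more robust control.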