feat: [[trusted]] config + FederationHello for one-sided federation
- Added [[trusted]] config: relay B can accept inbound federation from relay A by fingerprint alone, without knowing A's address. A connects to B with [[peers]], B trusts A with [[trusted]]. - FederationHello signal: outbound connections send their TLS fingerprint as first signal. The accepting relay verifies it against [[peers]] (by IP) or [[trusted]] (by fingerprint). - Tested 3-relay chain: A→B←C. Both A and C connect to B, B trusts both. B correctly accepts both inbound connections. Room announcements flow A→B and C→B. - Remaining: B needs to announce rooms back to A and C on the same connection so media can flow A→B→C. Currently A has no virtual participant for B, so media doesn't reach B's SFU for forwarding. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Siavash Sameni
@@ -659,6 +659,12 @@ pub enum SignalMessage {
|
||||
|
||||
// ── Federation signals (relay-to-relay) ──
|
||||
|
||||
/// Federation: initial handshake — the connecting relay identifies itself.
|
||||
FederationHello {
|
||||
/// TLS certificate fingerprint of the connecting relay.
|
||||
tls_fingerprint: String,
|
||||
},
|
||||
|
||||
/// Federation: a room exists on the sending relay with active local participants.
|
||||
FederationRoomJoin {
|
||||
room: String,
|
||||
|
||||
Reference in New Issue
Block a user