diff options
| author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2019-04-25 06:22:49 -0700 |
|---|---|---|
| committer | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-04-25 14:22:49 +0100 |
| commit | 6824ddd93df1cfc347e4c8f423d54fab5bb732fb (patch) | |
| tree | 4ef1853e6bd78aa2ed9cc75dcf7724b82aa27d97 /docs | |
| parent | Remove log error for .well-known/matrix/client (#4972) (diff) | |
| download | synapse-6824ddd93df1cfc347e4c8f423d54fab5bb732fb.tar.xz | |
Config option for verifying federation certificates (MSC 1711) (#4967)
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/MSC1711_certificates_FAQ.md | 1 | ||||
| -rw-r--r-- | docs/sample_config.yaml | 34 |
2 files changed, 34 insertions, 1 deletions
diff --git a/docs/MSC1711_certificates_FAQ.md b/docs/MSC1711_certificates_FAQ.md index 8eb22656db..ebfb20f5c8 100644 --- a/docs/MSC1711_certificates_FAQ.md +++ b/docs/MSC1711_certificates_FAQ.md @@ -177,7 +177,6 @@ You can do this with a `.well-known` file as follows: on `customer.example.net:8000` it correctly handles HTTP requests with Host header set to `customer.example.net:8000`. - ## FAQ ### Synapse 0.99.0 has just been released, what do I need to do right now? diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index ab02e8f20e..a7f6bf31ac 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -260,6 +260,40 @@ listeners: # #tls_private_key_path: "CONFDIR/SERVERNAME.tls.key" +# Whether to verify TLS certificates when sending federation traffic. +# +# This currently defaults to `false`, however this will change in +# Synapse 1.0 when valid federation certificates will be required. +# +#federation_verify_certificates: true + +# Skip federation certificate verification on the following whitelist +# of domains. +# +# This setting should only be used in very specific cases, such as +# federation over Tor hidden services and similar. For private networks +# of homeservers, you likely want to use a private CA instead. +# +# Only effective if federation_verify_certicates is `true`. +# +#federation_certificate_verification_whitelist: +# - lon.example.com +# - *.domain.com +# - *.onion + +# List of custom certificate authorities for federation traffic. +# +# This setting should only normally be used within a private network of +# homeservers. +# +# Note that this list will replace those that are provided by your +# operating environment. Certificates must be in PEM format. +# +#federation_custom_ca_list: +# - myCA1.pem +# - myCA2.pem +# - myCA3.pem + # ACME support: This will configure Synapse to request a valid TLS certificate # for your configured `server_name` via Let's Encrypt. # |