-rw-r--r-- | synapse/config/tls.py | 41 |
1 files changed, 18 insertions, 23 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 704e01b375..ed113ee833 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -88,36 +88,31 @@ class TlsConfig(Config):
 for domain in federation_certificate_verification_whitelist:
 self.federation_certificate_verification_whitelist[domain] = True
- # List of custom certificate authorities for TLS verification
+ # List of custom certificate authorities for federation traffic validation
 self.federation_custom_ca_list = config.get(
 "federation_custom_ca_list", [],
 )
- # Read in the CA certificates
- cert_contents = []
- try:
- for ca_file in self.federation_custom_ca_list:
- logger.debug("Reading custom CA certificate file: %s", ca_file)
+ # Read in and parse custom CA certificates
+ certs = []
+ for ca_file in self.federation_custom_ca_list:
+ logger.debug("Reading custom CA certificate file: %s", ca_file)
+ try:
 with open(ca_file, 'rb') as f:
- cert_contents.append(f.read())
- except Exception:
- logger.exception("Failed to read custom CA certificate off disk!")
- raise
+ content = f.read()
+ except Exception:
+ logger.exception("Failed to read custom CA certificate off disk!")
+ raise
- # Parse the CA certificates
- certs = []
- try:
- for content in cert_contents:
- logger.debug("Parsing custom CA certificate file: %s", ca_file)
- cert_base = Certificate.loadPEM(cert_contents)
+ # Parse the CA certificates
+ try:
+ cert_base = Certificate.loadPEM(content)
 certs.append(cert_base)
-
- trust_root = trustRootFromCertificates(certs)
- except Exception:
- logger.exception("Failed to parse custom CA certificate off disk!")
- raise
-
- self.federation_custom_ca_list = trust_root
+ except Exception:
+ logger.exception("Failed to parse custom CA certificate off disk!")
+ raise
+
+ self.federation_custom_ca_list = trustRootFromCertificates(certs)
 # This config option applies to non-federation HTTP clients
 # (e.g. for talking to recaptcha, identity servers, and such) |
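Review bot: With no `federation_custom_ca_list` configured, the loop leaves `certs` empty and the last added line still calls `trustRootFromCertificates(certs)`, so the attribute ends up holding a trust root with no CAs in it instead of a value that means "no custom CAs" (this assumes the assignment sits after the loop; indentation is lost on this page). How the federation TLS client uses that object is outside the hunk, but an empty root would normally reject every peer certificate, so the unset case deserves an explicit branch such as `self.federation_custom_ca_list = trustRootFromCertificates(certs) if certs else None`, provided the consumer treats `None` as "use the default trust store". `Certificate.loadPEM(content)` returns a single certificate, so a file holding a CA bundle would contribute only its first entry; a comment like `# one PEM certificate per file; bundles are not split` would make that limit visible to operators. Both `logger.exception` calls should also name the file, e.g. `logger.exception("Failed to read custom CA certificate off disk: %s", ca_file)`, since the path is otherwise logged only at debug level. The enclosing method begins above the hunk.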