-rw-r--r--synapse/config/tls.py41
1 files changed, 18 insertions, 23 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 704e01b375..ed113ee833 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -88,36 +88,31 @@ class TlsConfig(Config):
             for domain in federation_certificate_verification_whitelist:
                 self.federation_certificate_verification_whitelist[domain] = True
 
-        # List of custom certificate authorities for TLS verification
+        # List of custom certificate authorities for federation traffic validation
         self.federation_custom_ca_list = config.get(
             "federation_custom_ca_list", [],
         )
 
-        # Read in the CA certificates
-        cert_contents = []
-        try:
-            for ca_file in self.federation_custom_ca_list:
-                logger.debug("Reading custom CA certificate file: %s", ca_file)
+        # Read in and parse custom CA certificates
+        certs = []
+        for ca_file in self.federation_custom_ca_list:
+            logger.debug("Reading custom CA certificate file: %s", ca_file)
+            try:
                 with open(ca_file, 'rb') as f:
-                    cert_contents.append(f.read())
-        except Exception:
-            logger.exception("Failed to read custom CA certificate off disk!")
-            raise
+                    content = f.read()
+            except Exception:
+                logger.exception("Failed to read custom CA certificate off disk!")
+                raise
 
-        # Parse the CA certificates
-        certs = []
-        try:
-            for content in cert_contents:
-                logger.debug("Parsing custom CA certificate file: %s", ca_file)
-                cert_base = Certificate.loadPEM(cert_contents)
+            # Parse the CA certificates
+            try:
+                cert_base = Certificate.loadPEM(content)
                 certs.append(cert_base)
-
-            trust_root = trustRootFromCertificates(certs)
-        except Exception:
-            logger.exception("Failed to parse custom CA certificate off disk!")
-            raise
-
-        self.federation_custom_ca_list = trust_root
+            except Exception:
+                logger.exception("Failed to parse custom CA certificate off disk!")
+                raise
+                
+        self.federation_custom_ca_list = trustRootFromCertificates(certs)
 
         # This config option applies to non-federation HTTP clients
         # (e.g. for talking to recaptcha, identity servers, and such)
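Review bot: With `federation_custom_ca_list` unset, the default `[]` skips the loop and the last added line still calls `trustRootFromCertificates(certs)` on an empty list, so the attribute holds a trust root containing no CAs rather than a "not configured" marker. The consumer is not visible in this hunk, but if it hands this value to the federation TLS client as its trust root, every remote certificate would presumably fail verification instead of being checked against the default trust store. Consider making the unset case explicit, e.g. `self.federation_custom_ca_list = trustRootFromCertificates(certs) if certs else None`, with the consumer treating `None` as "use the platform default". Both `logger.exception` calls would also be easier to act on if they named the file, e.g. `logger.exception("Failed to parse custom CA certificate %s", ca_file)`. The enclosing method starts before the hunk and continues after it.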