diff options
| author | Andrew Morgan <andrew@amorgan.xyz> | 2019-04-01 15:01:10 +0100 |
|---|---|---|
| committer | Andrew Morgan <andrew@amorgan.xyz> | 2019-04-01 15:01:10 +0100 |
| commit | 0ce5b5bcfe0481ac6865cc7aaec182c49e92b519 (patch) | |
| tree | 758442edae48d8c3fc5af81c0fcb33f0881a6415 | |
| parent | consolidate logic (diff) | |
| download | synapse-0ce5b5bcfe0481ac6865cc7aaec182c49e92b519.tar.xz | |
words
| -rw-r--r-- | synapse/config/tls.py | 2 | ||||
| -rw-r--r-- | synapse/crypto/context_factory.py | 7 |
2 files changed, 4 insertions, 5 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py index ed113ee833..63ee3386ed 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -111,7 +111,7 @@ class TlsConfig(Config): except Exception: logger.exception("Failed to parse custom CA certificate off disk!") raise - + self.federation_custom_ca_list = trustRootFromCertificates(certs) # This config option applies to non-federation HTTP clients diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py index 2c2bfa3a89..bfdcd23959 100644 --- a/synapse/crypto/context_factory.py +++ b/synapse/crypto/context_factory.py @@ -127,7 +127,6 @@ class ClientTLSOptionsFactory(object): to remote servers for federation.""" def __init__(self, config): - # We don't use config options yet self._options_validate = CertificateOptions( # This option implies verify=True trustRoot=config.federation_custom_ca_list, @@ -137,11 +136,11 @@ class ClientTLSOptionsFactory(object): def get_options(self, host, config): # Use _makeContext so that we get a fresh OpenSSL CTX each time. - # Check if certificate validation has been enabled + # Check if certificate verification has been enabled if (config.federation_verify_certificates and host not in config.federation_certificate_validation_whitelist): - # Require validation + # Require verification return ClientTLSOptions(host, self._options_validate._makeContext()) - # Otherwise don't require validation + # Otherwise don't require verification return ClientTLSOptions(host, self._options_novalidate._makeContext()) |