authorAndrew Morgan <andrew@amorgan.xyz>2019-04-02 11:47:00 +0100
committerAndrew Morgan <andrew@amorgan.xyz>2019-04-02 11:47:00 +0100
commit40702b638ee46ea64b78fe35e5472e36e8f0ba28 (patch)
tree510789b8491f9381ef23494bff311d2a0d91e502
parentGive tests config with default config values (diff)
Check for type instead of not None
-rw-r--r--synapse/crypto/context_factory.py19
1 files changed, 10 insertions, 9 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 9d890ae890..941ae7debc 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -21,7 +21,7 @@ from OpenSSL import SSL, crypto
 from twisted.internet._sslverify import _defaultCurveName
 from twisted.internet.abstract import isIPAddress, isIPv6Address
 from twisted.internet.interfaces import IOpenSSLClientConnectionCreator
-from twisted.internet.ssl import CertificateOptions, ContextFactory, platformTrust
+from twisted.internet.ssl import CertificateOptions, ContextFactory, platformTrust, OpenSSLCertificateAuthorities
 from twisted.python.failure import Failure
 
 logger = logging.getLogger(__name__)
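Review bot: The extended `from twisted.internet.ssl import ...` line is now over 110 characters, and `OpenSSLCertificateAuthorities` is appended after `platformTrust` rather than in sorted position. If the project lints line length or import order (not visible from this hunk), this will be flagged. A parenthesised import with one name per line, with `OpenSSLCertificateAuthorities` placed between `ContextFactory` and `platformTrust`, avoids both problems.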
@@ -129,20 +129,21 @@ class ClientTLSOptionsFactory(object):
     def __init__(self, config):
         self._config = config
 
+        self._options_novalidate = CertificateOptions()
+
         # Check if we're using a custom list of a CA certificates
-        if config.federation_custom_ca_list is not None:
+        if isinstance(config.federation_custom_ca_list, OpenSSLCertificateAuthorities):
             self._options_validate = CertificateOptions(
                 # Use custom CA trusted root certs
                 trustRoot=config.federation_custom_ca_list,
             )
-        else:
-            # If not, verify using those provided by the operating environment
-            self._options_validate = CertificateOptions(
-                # Use CA root certs provided by OpenSSL
-                trustRoot=platformTrust(),
-            )
+            return
 
-        self._options_novalidate = CertificateOptions()
+        # If not, verify using those provided by the operating environment
+        self._options_validate = CertificateOptions(
+            # Use CA root certs provided by OpenSSL
+            trustRoot=platformTrust(),
+        )
 
     def get_options(self, host):
         # Use _makeContext so that we get a fresh OpenSSL CTX each time.
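Review bot: The `isinstance(config.federation_custom_ca_list, OpenSSLCertificateAuthorities)` test in `__init__` fails open. Any value that is set but is not that exact type now falls through silently to `platformTrust()`, so a deployment that meant to pin federation to a private CA list would trust the whole system store with no error or log line. Only `None` should select the platform roots; a non-None value of another type should be rejected, e.g. `elif config.federation_custom_ca_list is not None: raise TypeError("federation_custom_ca_list must be OpenSSLCertificateAuthorities")` ahead of the fallback. The early `return` inside the constructor is also fragile, because any attribute later initialised below it would be skipped on the custom-CA path; keeping the `if`/`else` shape avoids that. A comment on the fallback stating that it is reached only when no custom CA list is configured would make the trust decision explicit.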