diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index c96eb0cf2d..ae1cafc5f3 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1029,8 +1029,8 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key"
# - server_name: "matrix.org"
#
-# The additional signing keys to use when acting as a trusted key server, on
-# top of the normal signing keys.
+# The signing keys to use when acting as a trusted key server. If not specified
+# defaults to the server signing key.
#
# Can contain multiple keys, one per line.
#
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index abeb0ac26e..2d7434fb2f 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -539,7 +539,7 @@ class BaseV2KeyFetcher(object):
verify_key=verify_key, valid_until_ts=key_data["expired_ts"]
)
- signed_key_json_bytes = encode_canonical_json(response_json)
+ key_json_bytes = encode_canonical_json(response_json)
yield make_deferred_yieldable(
defer.gatherResults(
@@ -551,7 +551,7 @@ class BaseV2KeyFetcher(object):
from_server=from_server,
ts_now_ms=time_added_ms,
ts_expires_ms=ts_valid_until_ms,
- key_json_bytes=signed_key_json_bytes,
+ key_json_bytes=key_json_bytes,
)
for key_id in verify_keys
],
diff --git a/synapse/rest/key/v2/remote_key_resource.py b/synapse/rest/key/v2/remote_key_resource.py
index f3398c9523..55580bc59e 100644
--- a/synapse/rest/key/v2/remote_key_resource.py
+++ b/synapse/rest/key/v2/remote_key_resource.py
@@ -14,7 +14,7 @@
import logging
-from canonicaljson import json
+from canonicaljson import encode_canonical_json, json
from signedjson.sign import sign_json
from twisted.internet import defer
@@ -227,4 +227,4 @@ class RemoteKey(DirectServeResource):
results = {"server_keys": signed_keys}
- respond_with_json_bytes(request, 200, json.dumps(results).encode("utf-8"))
+ respond_with_json_bytes(request, 200, encode_canonical_json(results))
|
