authorDavid Robertson <davidr@element.io>2021-10-06 19:31:39 +0100
committerDavid Robertson <davidr@element.io>2021-10-06 20:25:46 +0100
commitfaa1f101d903ae721faf123976c0efa987df4b85 (patch)
treeb5661a136620a5e5802e921c7291e509ab6fc3e6
parenttypeshed has jsonschema stubs (diff)
downloadsynapse-faa1f101d903ae721faf123976c0efa987df4b85.tar.xz
pyOpenSSL has type stubs
since at least here: https://github.com/python/typeshed/pull/5649

Two fixups to keep mypy happy.

The first handles the case where `get_notAfter` returns None. Previously
this would raise a generic `AttributeError`; now it raises a ValueError
with a specific message.

The second ensures the callback to `set_verify` returns bool, not
NoneType. (AFAICS this was fine because PyOpenSSL only ever used the
truthiness of the callback's return value.)
-rw-r--r--mypy.ini3
-rwxr-xr-xsetup.py2
-rw-r--r--synapse/config/tls.py9
-rw-r--r--synapse/http/client.py2
4 files changed, 8 insertions, 8 deletions
diff --git a/mypy.ini b/mypy.ini
index b379ee0e6d..3adae6b1c1 100644
--- a/mypy.ini
+++ b/mypy.ini
@@ -241,9 +241,6 @@ ignore_missing_imports = True
 [mypy-netaddr]
 ignore_missing_imports = True
 
-[mypy-OpenSSL.*]
-ignore_missing_imports = True
-
 [mypy-opentracing]
 ignore_missing_imports = True
 
diff --git a/setup.py b/setup.py
index a35a42beb1..a45aeda416 100755
--- a/setup.py
+++ b/setup.py
@@ -116,7 +116,7 @@ CONDITIONAL_REQUIREMENTS["mypy"] = [
     "mypy==0.812",
     "mypy-zope==0.2.13",
     "types-jsonschema>=3.2.0",
-
+    "types-pyOpenSSL>=20.0.7",
 ]
 
 # Dependencies which are exclusively required by unit test code. This is
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 5679f05e42..6227434bac 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -172,9 +172,12 @@ class TlsConfig(Config):
                 )
 
         # YYYYMMDDhhmmssZ -- in UTC
-        expires_on = datetime.strptime(
-            tls_certificate.get_notAfter().decode("ascii"), "%Y%m%d%H%M%SZ"
-        )
+        expiry_data = tls_certificate.get_notAfter()
+        if expiry_data is None:
+            raise ValueError(
+                "TLS Certificate has no expiry date, and this is not permitted"
+            )
+        expires_on = datetime.strptime(expiry_data.decode("ascii"), "%Y%m%d%H%M%SZ")
         now = datetime.utcnow()
         days_remaining = (expires_on - now).days
         return days_remaining
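Review bot: The `strptime` call on the new `expires_on` line still accepts only the `YYYYMMDDhhmmssZ` form, so a certificate whose notAfter uses a numeric offset would fail with strptime's generic `ValueError` instead of a message that names the certificate problem. pyOpenSSL's documentation for `get_notAfter` lists the offset forms (`YYYYMMDDhhmmss+hhmm`, `YYYYMMDDhhmmss-hhmm`) alongside the `Z` form, although conformant X.509 certificates should use `Z`. Since this commit already turns the None case into an explicit error, the same treatment fits here: wrap the parse in `try`/`except ValueError` and re-raise with a message in the style of the new one, or at least extend the comment to `# YYYYMMDDhhmmssZ -- in UTC; other ASN.1 time forms are rejected`. The enclosing method begins above the hunk, so how callers report these errors is not visible here.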
diff --git a/synapse/http/client.py b/synapse/http/client.py
index 5204c3d08c..b5a2d333a6 100644
--- a/synapse/http/client.py
+++ b/synapse/http/client.py
@@ -912,7 +912,7 @@ class InsecureInterceptableContextFactory(ssl.ContextFactory):
 
     def __init__(self):
         self._context = SSL.Context(SSL.SSLv23_METHOD)
-        self._context.set_verify(VERIFY_NONE, lambda *_: None)
+        self._context.set_verify(VERIFY_NONE, lambda *_: False)
 
     def getContext(self, hostname=None, port=None):
         return self._context
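Review bot: The `set_verify(VERIFY_NONE, lambda *_: False)` line needs a comment, because a callback returning `False` reads as "reject every certificate" while `VERIFY_NONE` means the peer certificate is not checked at all. Going by the commit message, only the truthiness of the return value was ever used, so behaviour should be unchanged from the `None` version. I would add `# VERIFY_NONE: peer certs are not verified; the callback only satisfies set_verify's signature` above the call, so that nobody later "corrects" the callback or reuses this factory where verification is expected. The class body starts outside the hunk, so it may already carry a docstring to this effect.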