author | David Robertson <davidr@element.io> | 2021-10-06 19:31:39 +0100 |
---|---|---|
committer | David Robertson <davidr@element.io> | 2021-10-06 20:25:46 +0100 |
commit | faa1f101d903ae721faf123976c0efa987df4b85 (patch) | |
tree | b5661a136620a5e5802e921c7291e509ab6fc3e6 | |
parent | typeshed has jsonschema stubs (diff) | |
download | synapse-faa1f101d903ae721faf123976c0efa987df4b85.tar.xz |
pyOpenSSL has type stubs
since at least here: https://github.com/python/typeshed/pull/5649 Two fixups to keep mypy happy. The first handles that `get_notAfter` could return None. Before this would raise a generic `AttributeError`; now it raises a ValueError with specific message. The second ensures the callback to `set_verify` returns bool, not NoneType. (AFAICS this was fine because PyOpenSSL only ever used the truthiness of the callback's return value.)
-rw-r--r-- | mypy.ini | 3 | ||||
-rwxr-xr-x | setup.py | 2 | ||||
-rw-r--r-- | synapse/config/tls.py | 9 | ||||
-rw-r--r-- | synapse/http/client.py | 2 |
4 files changed, 8 insertions, 8 deletions
diff --git a/mypy.ini b/mypy.ini
index b379ee0e6d..3adae6b1c1 100644
--- a/mypy.ini
+++ b/mypy.ini
@@ -241,9 +241,6 @@ ignore_missing_imports = True
 [mypy-netaddr]
 ignore_missing_imports = True
-[mypy-OpenSSL.*]
-ignore_missing_imports = True
-
 [mypy-opentracing]
 ignore_missing_imports = True
diff --git a/setup.py b/setup.py
index a35a42beb1..a45aeda416 100755
--- a/setup.py
+++ b/setup.py
@@ -116,7 +116,7 @@ CONDITIONAL_REQUIREMENTS["mypy"] = [
 "mypy==0.812",
 "mypy-zope==0.2.13",
 "types-jsonschema>=3.2.0",
-
+ "types-pyOpenSSL>=20.0.7",
 ]
 # Dependencies which are exclusively required by unit test code. This is
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 5679f05e42..6227434bac 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -172,9 +172,12 @@ class TlsConfig(Config):
 )
 # YYYYMMDDhhmmssZ -- in UTC
- expires_on = datetime.strptime(
- tls_certificate.get_notAfter().decode("ascii"), "%Y%m%d%H%M%SZ"
- )
+ expiry_data = tls_certificate.get_notAfter()
+ if expiry_data is None:
+ raise ValueError(
+ "TLS Certificate has no expiry date, and this is not permitted"
+ )
+ expires_on = datetime.strptime(expiry_data.decode("ascii"), "%Y%m%d%H%M%SZ")
 now = datetime.utcnow()
 days_remaining = (expires_on - now).days
 return days_remaining
diff --git a/synapse/http/client.py b/synapse/http/client.py
index 5204c3d08c..b5a2d333a6 100644
--- a/synapse/http/client.py
+++ b/synapse/http/client.py
@@ -912,7 +912,7 @@ class InsecureInterceptableContextFactory(ssl.ContextFactory):
 def __init__(self):
 self._context = SSL.Context(SSL.SSLv23_METHOD)
- self._context.set_verify(VERIFY_NONE, lambda *_: None)
+ self._context.set_verify(VERIFY_NONE, lambda *_: False)
 def getContext(self, hostname=None, port=None):
 return self._context |
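Review bot: In the synapse/config/tls.py hunk, the new `ValueError` for a missing notAfter has the same type as the error `datetime.strptime` raises when the field is present but does not match `%Y%m%d%H%M%SZ`, so a caller cannot tell a certificate with no expiry from one whose expiry could not be parsed, and neither message identifies the certificate. Consider guarding the parse as well, e.g. `except ValueError as e: raise ValueError("TLS Certificate has an unparseable expiry date") from e`, and moving the `# YYYYMMDDhhmmssZ -- in UTC` comment down so it sits directly above the `strptime` call it describes. The enclosing method starts above the hunk, so how callers handle these exceptions is not visible here.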
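Review bot: In the synapse/http/client.py hunk, `lambda *_: False` reads as "reject every certificate" while `VERIFY_NONE` on the same line means the peer certificate is not validated, and nothing in `__init__` explains the combination. A one-line comment would keep a later reader from "correcting" either half, for example `# VERIFY_NONE: peer certificates are not validated; the callback only satisfies set_verify's bool-returning signature`. The class header and any docstring are above the hunk, so this may already be covered there.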