summary refs log tree commit diff
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2019-04-25 20:53:10 +0100
committerRichard van der Hoff <richard@matrix.org>2019-04-25 20:55:12 +0100
commit7ca638c76135d7a0f86f6aa7981554bbe0b7a335 (patch)
treed19dadd18e0b8a6e3a4f3bbc1536f4f9eb5be650
parentMerge remote-tracking branch 'origin/master' into develop (diff)
downloadsynapse-7ca638c76135d7a0f86f6aa7981554bbe0b7a335.tar.xz
Clarify logging when PDU signature checking fails
-rw-r--r--synapse/crypto/keyring.py4
-rw-r--r--synapse/federation/federation_base.py19
2 files changed, 20 insertions, 3 deletions
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index ed2e994437..b6d1b4cf0b 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -120,11 +120,9 @@ class Keyring(object):
 
             key_ids = signature_ids(json_object, server_name)
             if not key_ids:
-                logger.warn("Request from %s: no supported signature keys",
-                            server_name)
                 deferred = defer.fail(SynapseError(
                     400,
-                    "Not signed with a supported algorithm",
+                    "Not signed by %s" % (server_name, ),
                     Codes.UNAUTHORIZED,
                 ))
             else:
diff --git a/synapse/federation/federation_base.py b/synapse/federation/federation_base.py
index dfe6b4aa5c..1d641337da 100644
--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@@ -269,7 +269,17 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
         for p in pdus_to_check_sender
     ])
 
+    def sender_err(e, pdu_to_check):
+        logger.warning(
+            "event id %s: unable to verify signature for sender %s: %s",
+            pdu_to_check.pdu.event_id,
+            pdu_to_check.sender_domain,
+            e,
+        )
+        return e
+
     for p, d in zip(pdus_to_check_sender, more_deferreds):
+        d.addErrback(sender_err, p)
         p.deferreds.append(d)
 
     # now let's look for events where the sender's domain is different to the
@@ -291,7 +301,16 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
             for p in pdus_to_check_event_id
         ])
 
+        def event_err(e, pdu_to_check):
+            logger.warning(
+                "event id %s: unable to verify signature for event id domain: %s",
+                pdu_to_check.pdu.event_id,
+                e,
+            )
+            return e
+
         for p, d in zip(pdus_to_check_event_id, more_deferreds):
+            d.addErrback(event_err, p)
             p.deferreds.append(d)
 
     # replace lists of deferreds with single Deferreds