summary refs log tree commit diff
diff options
context:
space:
mode:
authorDaniel Wagner-Hall <daniel@matrix.org>2015-09-15 15:46:22 +0100
committerDaniel Wagner-Hall <daniel@matrix.org>2015-09-15 15:46:22 +0100
commit3bcbabc9fb5446e74a675352e22963d528189957 (patch)
tree943772937137282b1899698274ee75e77eca212d
parentMerge branch 'master' into daniel/insecureclient (diff)
downloadsynapse-3bcbabc9fb5446e74a675352e22963d528189957.tar.xz
Rename context factory
Mjark is officially no fun.
-rw-r--r--synapse/http/client.py6
-rw-r--r--synapse/server.py4
2 files changed, 5 insertions, 5 deletions
diff --git a/synapse/http/client.py b/synapse/http/client.py
index 815a838729..0933388c04 100644
--- a/synapse/http/client.py
+++ b/synapse/http/client.py
@@ -261,11 +261,11 @@ def _print_ex(e):
         logger.exception(e)
 
 
-class WoefullyInsecureContextFactory(ssl.ContextFactory):
+class InsecureInterceptableContextFactory(ssl.ContextFactory):
     """
-    Factory for PyOpenSSL SSL contexts which does absolutely no certificate verification.
+    Factory for PyOpenSSL SSL contexts which accepts any certificate for any domain.
 
-    Do not use this unless you really, really hate your users.
+    Do not use this since it allows an attacker to intercept your communications.
     """
 
     def __init__(self):
diff --git a/synapse/server.py b/synapse/server.py
index 656e534dff..d96c5a573a 100644
--- a/synapse/server.py
+++ b/synapse/server.py
@@ -21,7 +21,7 @@
 # Imports required for the default HomeServer() implementation
 from twisted.web.client import BrowserLikePolicyForHTTPS
 from synapse.federation import initialize_http_replication
-from synapse.http.client import SimpleHttpClient, WoefullyInsecureContextFactory
+from synapse.http.client import SimpleHttpClient,  InsecureInterceptableContextFactory
 from synapse.notifier import Notifier
 from synapse.api.auth import Auth
 from synapse.handlers import Handlers
@@ -181,7 +181,7 @@ class HomeServer(BaseHomeServer):
     def build_http_client_context_factory(self):
         config = self.get_config()
         return (
-            WoefullyInsecureContextFactory() if config.use_insecure_ssl_client
+            InsecureInterceptableContextFactory() if config.use_insecure_ssl_client
             else BrowserLikePolicyForHTTPS()
         )