diff options
author | Patrick Cloke <clokep@users.noreply.github.com> | 2021-11-19 07:07:22 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-19 07:07:22 -0500 |
commit | 4d6d38ac2f015294c5fca5d0e5b70649997d4b08 (patch) | |
tree | 7c69740b5e7e066f04fdffbba550cc52d2425863 | |
parent | Remove msc2716 from the list of tests for complement. (#11389) (diff) | |
download | synapse-4d6d38ac2f015294c5fca5d0e5b70649997d4b08.tar.xz |
Remove dead code from acme support. (#11393)
-rw-r--r-- | changelog.d/11393.misc | 1 | ||||
-rw-r--r-- | synapse/config/tls.py | 50 |
2 files changed, 1 insertions, 50 deletions
diff --git a/changelog.d/11393.misc b/changelog.d/11393.misc new file mode 100644 index 0000000000..6bf47ec2e0 --- /dev/null +++ b/changelog.d/11393.misc @@ -0,0 +1 @@ +Remove dead code from supporting ACME. diff --git a/synapse/config/tls.py b/synapse/config/tls.py index 613faca658..21e5ddd15f 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -14,7 +14,6 @@ import logging import os -from datetime import datetime from typing import List, Optional, Pattern from OpenSSL import SSL, crypto @@ -133,55 +132,6 @@ class TlsConfig(Config): self.tls_certificate: Optional[crypto.X509] = None self.tls_private_key: Optional[crypto.PKey] = None - def is_disk_cert_valid(self, allow_self_signed=True): - """ - Is the certificate we have on disk valid, and if so, for how long? - - Args: - allow_self_signed (bool): Should we allow the certificate we - read to be self signed? - - Returns: - int: Days remaining of certificate validity. - None: No certificate exists. - """ - if not os.path.exists(self.tls_certificate_file): - return None - - try: - with open(self.tls_certificate_file, "rb") as f: - cert_pem = f.read() - except Exception as e: - raise ConfigError( - "Failed to read existing certificate file %s: %s" - % (self.tls_certificate_file, e) - ) - - try: - tls_certificate = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem) - except Exception as e: - raise ConfigError( - "Failed to parse existing certificate file %s: %s" - % (self.tls_certificate_file, e) - ) - - if not allow_self_signed: - if tls_certificate.get_subject() == tls_certificate.get_issuer(): - raise ValueError( - "TLS Certificate is self signed, and this is not permitted" - ) - - # YYYYMMDDhhmmssZ -- in UTC - expiry_data = tls_certificate.get_notAfter() - if expiry_data is None: - raise ValueError( - "TLS Certificate has no expiry date, and this is not permitted" - ) - expires_on = datetime.strptime(expiry_data.decode("ascii"), "%Y%m%d%H%M%SZ") - now = datetime.utcnow() - days_remaining = (expires_on - now).days - return days_remaining - def read_certificate_from_disk(self): """ Read the certificates and private key from disk. |