diff options
| author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-06-06 17:33:11 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-06-06 17:33:11 +0100 |
| commit | 9fbb20a531161652143028cde333429fe03b0343 (patch) | |
| tree | 62a37a5c57f3863a6cdb1119a783db085cf83dab /changelog.d | |
| parent | Neilj/1.0 upgrade notes (#5371) (diff) | |
| download | synapse-9fbb20a531161652143028cde333429fe03b0343.tar.xz | |
Stop hardcoding trust of old matrix.org key (#5374)
There are a few changes going on here: * We make checking the signature on a key server response optional: if no verify_keys are specified, we trust to TLS to validate the connection. * We change the default config so that it does not require responses to be signed by the old key. * We replace the old 'perspectives' config with 'trusted_key_servers', which is also formatted slightly differently. * We emit a warning to the logs every time we trust a key server response signed by the old key.
Diffstat (limited to 'changelog.d')
| -rw-r--r-- | changelog.d/5374.feature | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/5374.feature b/changelog.d/5374.feature new file mode 100644 index 0000000000..17937637ab --- /dev/null +++ b/changelog.d/5374.feature @@ -0,0 +1 @@ +Replace the `perspectives` configuration section with `trusted_key_servers`, and make validating the signatures on responses optional (since TLS will do this job for us). |