summary refs log tree commit diff
path: root/synapse/config/key.py
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2019-08-23 14:54:20 +0100
committerErik Johnston <erik@matrix.org>2019-08-23 15:36:28 +0100
commitfe0ac98e6653903cce43b1c5a3be77ef4f626867 (patch)
tree16062ee6bcce53b43f206884aea026a2cb4fc2e0 /synapse/config/key.py
parentFixup review comments (diff)
downloadsynapse-fe0ac98e6653903cce43b1c5a3be77ef4f626867.tar.xz
Don't implicitly include server signing key
Diffstat (limited to 'synapse/config/key.py')
-rw-r--r--synapse/config/key.py13
1 files changed, 6 insertions, 7 deletions
diff --git a/synapse/config/key.py b/synapse/config/key.py
index f1a1efcb7f..ba2199bceb 100644
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -85,14 +85,13 @@ class KeyConfig(Config):
             config.get("key_refresh_interval", "1d")
         )
 
-        self.key_server_signing_keys = list(self.signing_key)
         key_server_signing_keys_path = config.get("key_server_signing_keys_path")
         if key_server_signing_keys_path:
-            self.key_server_signing_keys.extend(
-                self.read_signing_keys(
-                    key_server_signing_keys_path, "key_server_signing_keys_path"
-                )
+            self.key_server_signing_keys = self.read_signing_keys(
+                key_server_signing_keys_path, "key_server_signing_keys_path"
             )
+        else:
+            self.key_server_signing_keys = list(self.signing_key)
 
         # if neither trusted_key_servers nor perspectives are given, use the default.
         if "perspectives" not in config and "trusted_key_servers" not in config:
@@ -221,8 +220,8 @@ class KeyConfig(Config):
         #  - server_name: "matrix.org"
         #
 
-        # The additional signing keys to use when acting as a trusted key server, on
-        # top of the normal signing keys.
+        # The signing keys to use when acting as a trusted key server. If not specified
+        # defaults to the server signing key.
         #
         # Can contain multiple keys, one per line.
         #