author | Erik Johnston <erik@matrix.org> | 2019-06-10 18:33:55 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2019-06-10 18:33:55 +0100 |
commit | abce00fc6a722884d68aa56081b0e86a3c667b00 (patch) | |
tree | 8a116e98cc94acb1e0393f0ecd8d63ca2c6893f7 /synapse/config/key.py | |
parent | Merge pull request #5415 from matrix-org/erikj/fix_null_valid_until_ms (diff) | |
parent | 1.0.0rc2 (diff) | |
Merge branch 'release-v1.0.0' of github.com:matrix-org/synapse into develop
Diffstat (limited to 'synapse/config/key.py')
-rw-r--r-- | synapse/config/key.py | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/synapse/config/key.py b/synapse/config/key.py
index aba7092ccd..424875feae 100644
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -41,6 +41,15 @@ validation or TLS certificate validation. This is likely to be very insecure. If you are *sure* you want to do this, set 'accept_keys_insecurely' on the keyserver configuration."""
+RELYING_ON_MATRIX_KEY_ERROR = """\
+Your server is configured to accept key server responses without TLS certificate
+validation, and which are only signed by the old (possibly compromised)
+matrix.org signing key 'ed25519:auto'. This likely isn't what you want to do,
+and you should enable 'federation_verify_certificates' in your configuration.
+
+If you are *sure* you want to do this, set 'accept_keys_insecurely' on the
+trusted_key_server configuration."""
+
 logger = logging.getLogger(__name__)
@@ -340,10 +349,20 @@ def _parse_key_servers(key_servers, federation_verify_certificates):
 result.verify_keys[key_id] = verify_key
 if (
- not verify_keys
- and not server.get("accept_keys_insecurely")
- and not federation_verify_certificates
+ not federation_verify_certificates and
+ not server.get("accept_keys_insecurely")
 ):
- raise ConfigError(INSECURE_NOTARY_ERROR)
+ _assert_keyserver_has_verify_keys(result)
 yield result
+
+
+def _assert_keyserver_has_verify_keys(trusted_key_server):
+ if not trusted_key_server.verify_keys:
+ raise ConfigError(INSECURE_NOTARY_ERROR)
+
+ # also check that they are not blindly checking the old matrix.org key
+ if trusted_key_server.server_name == "matrix.org" and any(
+ key_id == "ed25519:auto" for key_id in trusted_key_server.verify_keys
+ ):
+ raise ConfigError(RELYING_ON_MATRIX_KEY_ERROR) |
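Review bot: RELYING_ON_MATRIX_KEY_ERROR in the first hunk tells the operator only to enable 'federation_verify_certificates' or to set 'accept_keys_insecurely', and leaves out a third way to clear the error. The check added in the second hunk fires only when 'ed25519:auto' is among the matrix.org entry's verify_keys, so removing that key id from the entry also clears it, and saying so would steer operators away from the insecure override. The message also says `trusted_key_server configuration` where the existing INSECURE_NOTARY_ERROR text says `keyserver configuration`; using one name for the option in both messages would make them easier to act on.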
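Review bot: `_assert_keyserver_has_verify_keys` in the second hunk has no docstring, and its name describes only the first of its two checks; it also rejects a matrix.org entry whose verify_keys include `ed25519:auto`. A docstring such as `"""Raise ConfigError if the key server has no verify_keys, or is matrix.org pinned to the old 'ed25519:auto' key."""` would make that second, security-relevant rejection visible to callers. Since the context line fills `result.verify_keys` by key id, the `any(...)` generator can be written as `"ed25519:auto" in trusted_key_server.verify_keys`. The `server_name == "matrix.org"` comparison is an exact string match, and the hunk does not show whether the name is normalised before it gets here, so that is worth confirming. `_parse_key_servers` begins outside the hunk.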