authorErik Johnston <erik@matrix.org>2019-06-10 18:33:55 +0100
committerErik Johnston <erik@matrix.org>2019-06-10 18:33:55 +0100
commitabce00fc6a722884d68aa56081b0e86a3c667b00 (patch)
tree8a116e98cc94acb1e0393f0ecd8d63ca2c6893f7 /synapse/config/key.py
parentMerge pull request #5415 from matrix-org/erikj/fix_null_valid_until_ms (diff)
parent1.0.0rc2 (diff)
downloadsynapse-abce00fc6a722884d68aa56081b0e86a3c667b00.tar.xz
Merge branch 'release-v1.0.0' of github.com:matrix-org/synapse into develop
Diffstat (limited to 'synapse/config/key.py')
-rw-r--r--synapse/config/key.py27
1 files changed, 23 insertions, 4 deletions
diff --git a/synapse/config/key.py b/synapse/config/key.py
index aba7092ccd..424875feae 100644
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -41,6 +41,15 @@ validation or TLS certificate validation. This is likely to be very insecure. If
 you are *sure* you want to do this, set 'accept_keys_insecurely' on the
 keyserver configuration."""
 
+RELYING_ON_MATRIX_KEY_ERROR = """\
+Your server is configured to accept key server responses without TLS certificate
+validation, and which are only signed by the old (possibly compromised)
+matrix.org signing key 'ed25519:auto'. This likely isn't what you want to do,
+and you should enable 'federation_verify_certificates' in your configuration.
+
+If you are *sure* you want to do this, set 'accept_keys_insecurely' on the
+trusted_key_server configuration."""
+
 
 logger = logging.getLogger(__name__)
 
@@ -340,10 +349,20 @@ def _parse_key_servers(key_servers, federation_verify_certificates):
                 result.verify_keys[key_id] = verify_key
 
         if (
-            not verify_keys
-            and not server.get("accept_keys_insecurely")
-            and not federation_verify_certificates
+            not federation_verify_certificates and
+            not server.get("accept_keys_insecurely")
         ):
-            raise ConfigError(INSECURE_NOTARY_ERROR)
+            _assert_keyserver_has_verify_keys(result)
 
         yield result
+
+
+def _assert_keyserver_has_verify_keys(trusted_key_server):
+    if not trusted_key_server.verify_keys:
+        raise ConfigError(INSECURE_NOTARY_ERROR)
+
+    # also check that they are not blindly checking the old matrix.org key
+    if trusted_key_server.server_name == "matrix.org" and any(
+        key_id == "ed25519:auto" for key_id in trusted_key_server.verify_keys
+    ):
+        raise ConfigError(RELYING_ON_MATRIX_KEY_ERROR)
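Review bot: The matrix.org check in `_assert_keyserver_has_verify_keys` fires when `ed25519:auto` is any one of the server's verify keys, while RELYING_ON_MATRIX_KEY_ERROR (added in the first hunk) tells the operator that responses are "only signed by" the old key, so a configuration that lists the old key next to a newer one is rejected with a message that does not describe it. The message also names only two ways out, enabling `federation_verify_certificates` or setting `accept_keys_insecurely`, although from the visible check dropping `ed25519:auto` from that server's verify keys would pass as well and avoids the insecure override. The helper has no docstring and its name covers only the first of its two checks; I would add `"""Raise ConfigError if the server has no verify keys, or is matrix.org pinned to the old 'ed25519:auto' key."""`. A comment at the call site should also state that both checks are skipped whenever certificate validation is enabled or `accept_keys_insecurely` is set, since that gating is what decides whether a stale pinned key is ever reported.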