diff options
author | Richard van der Hoff <richard@matrix.org> | 2019-02-11 17:57:58 +0000 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2019-02-11 21:39:14 +0000 |
commit | 4fddf8fc77496d9bb3b5fa8835f0e5ba9a5a9926 (patch) | |
tree | 642076f830711fb2e967799b136cb92030e2026b /synapse/config/tls.py | |
parent | Merge branch 'rav/no_create_server_contexts_if_no_tls' into rav/tls_cert/work (diff) | |
download | synapse-4fddf8fc77496d9bb3b5fa8835f0e5ba9a5a9926.tar.xz |
Infer no_tls from presence of TLS listeners
Rather than have to specify `no_tls` explicitly, infer whether we need to load the TLS keys etc from whether we have any TLS-enabled listeners.
Diffstat (limited to '')
-rw-r--r-- | synapse/config/tls.py | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py index 76d2add4fe..e37a41eff4 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -51,7 +51,6 @@ class TlsConfig(Config): self._original_tls_fingerprints = [] self.tls_fingerprints = list(self._original_tls_fingerprints) - self.no_tls = config.get("no_tls", False) # This config option applies to non-federation HTTP clients # (e.g. for talking to recaptcha, identity servers, and such) @@ -141,6 +140,8 @@ class TlsConfig(Config): return ( """\ + ## TLS ## + # PEM-encoded X509 certificate for TLS. # This certificate, as of Synapse 1.0, will need to be a valid and verifiable # certificate, signed by a recognised Certificate Authority. @@ -201,13 +202,6 @@ class TlsConfig(Config): # # reprovision_threshold: 30 - # If your server runs behind a reverse-proxy which terminates TLS connections - # (for both client and federation connections), it may be useful to disable - # All TLS support for incoming connections. Setting no_tls to True will - # do so (and avoid the need to give synapse a TLS private key). - # - # no_tls: True - # List of allowed TLS fingerprints for this server to publish along # with the signing keys for this server. Other matrix servers that # make HTTPS requests to this server will check that the TLS |