summary refs log tree commit diff
path: root/synapse/config/tls.py
diff options
context:
space:
mode:
authorDaniel Wagner-Hall <daniel@matrix.org>2015-09-09 14:27:30 +0100
committerDaniel Wagner-Hall <daniel@matrix.org>2015-09-09 14:27:30 +0100
commit2c746382e0a5da7e0640b149b2a4620706967324 (patch)
treea3629622a9035033fae45d43bc988b5ac51e8961 /synapse/config/tls.py
parentDon't require pdus in check_auth script (diff)
parentBetter document the intent of the insecure SSL setting (diff)
downloadsynapse-2c746382e0a5da7e0640b149b2a4620706967324.tar.xz
Merge branch 'daniel/insecureclient' into develop
Diffstat (limited to 'synapse/config/tls.py')
-rw-r--r--synapse/config/tls.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 4751d39bc9..35ff13f4ba 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -42,6 +42,14 @@ class TlsConfig(Config):
             config.get("tls_dh_params_path"), "tls_dh_params"
         )
 
+        # This config option applies to non-federation HTTP clients
+        # (e.g. for talking to recaptcha, identity servers, and such)
+        # It should never be used in production, and is intended for
+        # use only when running tests.
+        self.use_insecure_ssl_client = config.get(
+            "i_really_want_to_ignore_ssl_certs_when_i_am_an_https_client_even_"
+            "though_it_is_woefully_insecure_because_i_am_testing_i_promise", False)
+
     def default_config(self, config_dir_path, server_name):
         base_key_name = os.path.join(config_dir_path, server_name)