allow self-signed certificates

1 files changed, 0 insertions, 11 deletions

diff --git a/synapse/config/tls.py b/synapse/config/tls.py

index b09dc986ab..b66154bc7c 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -47,10 +47,6 @@ class TlsConfig(Config):
 
         self.tls_fingerprints = config["tls_fingerprints"]
 
-        self.tls_ignore_certificate_validation = config.get(
-            "tls_ignore_certificate_validation", False
-        )
-
         # Check that our own certificate is included in the list of fingerprints
         # and include it if it is not.
         x509_certificate_bytes = crypto.dump_certificate(
@@ -77,8 +73,6 @@ class TlsConfig(Config):
         tls_private_key_path = base_key_name + ".tls.key"
         tls_dh_params_path = base_key_name + ".tls.dh"
 
-        tls_ignore_certificate_validation = False
-
         return """\
         # PEM encoded X509 certificate for TLS.
         # You can replace the self-signed certificate that synapse
@@ -123,11 +117,6 @@ class TlsConfig(Config):
         #
         tls_fingerprints: []
         # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
-
-        # Ignore certificate validation for TLS client connections to other
-        # homeservers using federation. Don't enable this in a production
-        # environment, unless you know what you are doing!
-        tls_ignore_certificate_validation: %(tls_ignore_certificate_validation)s
         """ % locals()
 
     def read_tls_certificate(self, cert_path):