author | Amber Brown <hawkowl@atleastfornow.net> | 2019-09-14 04:58:38 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-14 04:58:38 +1000 |
commit | 850dcfd2d3a1d689042fb38c8a16b652244068c2 (patch) | |
tree | 933e1775746bb6d40320bdc664bc85547c6bb2e6 /synapse/config/tls.py | |
parent | Add developer docs for using SAML without a server (#6032) (diff) | |
download | synapse-850dcfd2d3a1d689042fb38c8a16b652244068c2.tar.xz |
Fix well-known lookups with the federation certificate whitelist (#5997)
Diffstat (limited to 'synapse/config/tls.py')
-rw-r--r-- | synapse/config/tls.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py index c0148aa95c..fc47ba3e9a 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -110,8 +110,15 @@ class TlsConfig(Config): # Support globs (*) in whitelist values self.federation_certificate_verification_whitelist = [] for entry in fed_whitelist_entries: + try: + entry_regex = glob_to_regex(entry.encode("ascii").decode("ascii")) + except UnicodeEncodeError: + raise ConfigError( + "IDNA domain names are not allowed in the " + "federation_certificate_verification_whitelist: %s" % (entry,) + ) + # Convert globs to regex - entry_regex = glob_to_regex(entry) self.federation_certificate_verification_whitelist.append(entry_regex) # List of custom certificate authorities for federation traffic validation |
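Review bot: The `# Convert globs to regex` comment is left below the new `try` block, so it now labels the `append` call while the conversion itself happens uncommented inside the `try`. Moving it above the `try` and saying why the round trip is there would help, e.g. `# Reject non-ASCII entries, then convert globs to regex`, since `entry.encode("ascii").decode("ascii")` returns the same string and serves only as a validity check. Because hosts matching this list skip certificate verification, every malformed entry should fail cleanly: only `UnicodeEncodeError` is caught, so a non-string value (if the YAML loader can produce one here, which the hunk does not show) would raise `AttributeError` rather than `ConfigError`. The error text may also be read as banning punycode (`xn--`) names, which are ASCII and pass this check. The enclosing method starts and ends outside the hunk.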