diff options
author | Jeroen <vo.jeroen@gmail.com> | 2018-06-24 22:38:43 +0200 |
---|---|---|
committer | Jeroen <vo.jeroen@gmail.com> | 2018-06-24 22:38:43 +0200 |
commit | 3d605853c8e649ab4b3f91fb0a32cc77ef05d71f (patch) | |
tree | a7528c2dcf069b50cbe6571bb29bf42610ab3d21 /synapse/config/tls.py | |
parent | Revert "Merge pull request #3431 from matrix-org/rav/erasure_visibility" (diff) | |
download | synapse-3d605853c8e649ab4b3f91fb0a32cc77ef05d71f.tar.xz |
send SNI for federation requests
Diffstat (limited to 'synapse/config/tls.py')
-rw-r--r-- | synapse/config/tls.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py index b66154bc7c..4e7d1bd93e 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -47,6 +47,8 @@ class TlsConfig(Config): self.tls_fingerprints = config["tls_fingerprints"] + self.tls_ignore_certificate_validation = config.get("tls_ignore_certificate_validation", False) + # Check that our own certificate is included in the list of fingerprints # and include it if it is not. x509_certificate_bytes = crypto.dump_certificate( @@ -73,6 +75,8 @@ class TlsConfig(Config): tls_private_key_path = base_key_name + ".tls.key" tls_dh_params_path = base_key_name + ".tls.dh" + tls_ignore_certificate_validation = False + return """\ # PEM encoded X509 certificate for TLS. # You can replace the self-signed certificate that synapse @@ -117,6 +121,11 @@ class TlsConfig(Config): # tls_fingerprints: [] # tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}] + + # Ignore certificate validation for TLS client connections to other + # homeservers using federation. Don't enable this in a production + # environment, unless you know what you are doing! + tls_ignore_certificate_validation: %(tls_ignore_certificate_validation)s """ % locals() def read_tls_certificate(self, cert_path): |