authorAmber Brown <hawkowl@atleastfornow.net>2019-09-14 04:58:38 +1000
committerGitHub <noreply@github.com>2019-09-14 04:58:38 +1000
commit850dcfd2d3a1d689042fb38c8a16b652244068c2 (patch)
tree933e1775746bb6d40320bdc664bc85547c6bb2e6 /synapse/config
parentAdd developer docs for using SAML without a server (#6032) (diff)
downloadsynapse-850dcfd2d3a1d689042fb38c8a16b652244068c2.tar.xz
Fix well-known lookups with the federation certificate whitelist (#5997)
Diffstat (limited to 'synapse/config')
-rw-r--r--synapse/config/tls.py9
1 files changed, 8 insertions, 1 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index c0148aa95c..fc47ba3e9a 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -110,8 +110,15 @@ class TlsConfig(Config):
         # Support globs (*) in whitelist values
         self.federation_certificate_verification_whitelist = []
         for entry in fed_whitelist_entries:
+            try:
+                entry_regex = glob_to_regex(entry.encode("ascii").decode("ascii"))
+            except UnicodeEncodeError:
+                raise ConfigError(
+                    "IDNA domain names are not allowed in the "
+                    "federation_certificate_verification_whitelist: %s" % (entry,)
+                )
+
             # Convert globs to regex
-            entry_regex = glob_to_regex(entry)
             self.federation_certificate_verification_whitelist.append(entry_regex)
 
         # List of custom certificate authorities for federation traffic validation
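Review bot: The error text in the added `except UnicodeEncodeError` branch says IDNA names are rejected, but the check is `entry.encode("ascii")`, which rejects any non-ASCII character and still accepts an IDNA name written in its ASCII `xn--` form. Going by its name, this whitelist exempts matching servers from federation certificate verification, so the message should say exactly what to fix, for example `"Non-ASCII domain names are not allowed in the "` with the rest unchanged; whether an `xn--` entry then matches as intended depends on code outside this hunk. The `# Convert globs to regex` comment now sits above the `append` instead of the conversion; move it above `try:` and say there that the encode/decode round trip is only an ASCII check. A non-string entry would presumably still fail in `entry.encode` with AttributeError rather than ConfigError. The enclosing `TlsConfig` method starts and ends outside the hunk.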