Better document the intent of the insecure SSL setting

author: Daniel Wagner-Hall <daniel@matrix.org> 2015-09-09 13:26:23 +0100
committer: Daniel Wagner-Hall <daniel@matrix.org> 2015-09-09 13:26:23 +0100
commit: ddfe30ba835da4357670f2a2a39386b8b8e65b60 (patch)
tree: 823f326eb32ee078490277c7dad56fa42dc84c5f /synapse/config
parent: Fix random formatting (diff)
download: synapse-ddfe30ba835da4357670f2a2a39386b8b8e65b60.tar.xz
1 files changed, 6 insertions, 2 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 472cf7ac4a..35ff13f4ba 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -42,9 +42,13 @@ class TlsConfig(Config):
             config.get("tls_dh_params_path"), "tls_dh_params"
         )
 
+        # This config option applies to non-federation HTTP clients
+        # (e.g. for talking to recaptcha, identity servers, and such)
+        # It should never be used in production, and is intended for
+        # use only when running tests.
         self.use_insecure_ssl_client = config.get(
-            "i_really_want_to_ignore_ssl_certs_when_i_am_an_http_client_even_"
-            "though_it_is_woefully_insecure_because_i_hate_my_users", False)
+            "i_really_want_to_ignore_ssl_certs_when_i_am_an_https_client_even_"
+            "though_it_is_woefully_insecure_because_i_am_testing_i_promise", False)
 
     def default_config(self, config_dir_path, server_name):
         base_key_name = os.path.join(config_dir_path, server_name)
author	Daniel Wagner-Hall <daniel@matrix.org>	2015-09-09 13:26:23 +0100
committer	Daniel Wagner-Hall <daniel@matrix.org>	2015-09-09 13:26:23 +0100
commit	ddfe30ba835da4357670f2a2a39386b8b8e65b60 (patch)
tree	823f326eb32ee078490277c7dad56fa42dc84c5f /synapse/config
parent	Fix random formatting (diff)
download	synapse-ddfe30ba835da4357670f2a2a39386b8b8e65b60.tar.xz