summary refs log tree commit diff
path: root/synapse/crypto/keyring.py
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2019-06-03 17:56:54 +0100
committerRichard van der Hoff <richard@matrix.org>2019-06-03 23:17:38 +0100
commit06a1f3e20719ab2631089a37cef50b80c1155f89 (patch)
treecaa4d1d52ad53e635474a42a27967c40c78319ad /synapse/crypto/keyring.py
parentEnforce validity period on server_keys for fed requests. (#5321) (diff)
downloadsynapse-06a1f3e20719ab2631089a37cef50b80c1155f89.tar.xz
Reduce timeout for outbound /key/v2/server requests.
Diffstat (limited to 'synapse/crypto/keyring.py')
-rw-r--r--synapse/crypto/keyring.py13
1 files changed, 13 insertions, 0 deletions
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index cdec06c88e..bef6498f4b 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -786,6 +786,19 @@ class ServerKeyFetcher(BaseV2KeyFetcher):
                     path="/_matrix/key/v2/server/"
                     + urllib.parse.quote(requested_key_id),
                     ignore_backoff=True,
+
+                    # we only give the remote server 10s to respond. It should be an
+                    # easy request to handle, so if it doesn't reply within 10s, it's
+                    # probably not going to.
+                    #
+                    # Furthermore, when we are acting as a notary server, we cannot
+                    # wait all day for all of the origin servers, as the requesting
+                    # server will otherwise time out before we can respond.
+                    #
+                    # (Note that get_json may make 4 attempts, so this can still take
+                    # almost 45 seconds to fetch the headers, plus up to another 60s to
+                    # read the response).
+                    timeout=10000,
                 )
             except (NotRetryingDestination, RequestSendFailed) as e:
                 raise_from(KeyLookupError("Failed to connect to remote server"), e)