summary refs log tree commit diff
path: root/synapse/crypto
diff options
context:
space:
mode:
authorAmber Brown <hawkowl@atleastfornow.net>2019-02-19 16:18:05 +1100
committerAmber Brown <hawkowl@atleastfornow.net>2019-02-19 16:18:05 +1100
commit561eebe170d02047e92141fa04b70313beb2ac0b (patch)
tree1bed965bd97eb434239eb06af499295f085f072c /synapse/crypto
parentMerge pull request #4632 from matrix-org/erikj/basic_sentry (diff)
downloadsynapse-561eebe170d02047e92141fa04b70313beb2ac0b.tar.xz
fix to use makeContext so that we don't need to rebuild the certificateoptions each time
Diffstat (limited to 'synapse/crypto')
-rw-r--r--synapse/crypto/context_factory.py14
1 files changed, 6 insertions, 8 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 85f2848fb1..49cbc7098f 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -1,4 +1,5 @@
 # Copyright 2014-2016 OpenMarket Ltd
+# Copyright 2019 New Vector Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 import logging
 
 from zope.interface import implementer
@@ -105,9 +107,7 @@ class ClientTLSOptions(object):
             self._hostnameBytes = _idnaBytes(hostname)
             self._sendSNI = True
 
-        ctx.set_info_callback(
-            _tolerateErrors(self._identityVerifyingInfoCallback)
-        )
+        ctx.set_info_callback(_tolerateErrors(self._identityVerifyingInfoCallback))
 
     def clientConnectionForTLS(self, tlsProtocol):
         context = self._ctx
@@ -128,10 +128,8 @@ class ClientTLSOptionsFactory(object):
 
     def __init__(self, config):
         # We don't use config options yet
-        pass
+        self._options = CertificateOptions(verify=False)
 
     def get_options(self, host):
-        return ClientTLSOptions(
-            host,
-            CertificateOptions(verify=False).getContext()
-        )
+        # Use _makeContext so that we get a fresh OpenSSL CTX each time.
+        return ClientTLSOptions(host, self._options._makeContext())