diff options
author | Erik Johnston <erik@matrix.org> | 2015-03-09 14:25:06 +0000 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2015-03-09 14:25:06 +0000 |
commit | d5174065af7bf0f5ce0bf608c28d835bd8f6ddab (patch) | |
tree | b0bfcbe05c92427c307095971f52e92b9ec48ee0 /synapse/crypto | |
parent | Merge pull request #98 from matrix-org/hotfixes-v0.7.1-r4 (diff) | |
parent | D'oh: underscore, not hyphen (diff) | |
download | synapse-d5174065af7bf0f5ce0bf608c28d835bd8f6ddab.tar.xz |
Merge branch 'release-v0.8.0' of github.com:matrix-org/synapse v0.8.0
Diffstat (limited to 'synapse/crypto')
-rw-r--r-- | synapse/crypto/context_factory.py | 5 | ||||
-rw-r--r-- | synapse/crypto/keyring.py | 13 |
2 files changed, 15 insertions, 3 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py index 24d4abf3e9..2f8618a0df 100644 --- a/synapse/crypto/context_factory.py +++ b/synapse/crypto/context_factory.py @@ -38,7 +38,10 @@ class ServerContextFactory(ssl.ContextFactory): logger.exception("Failed to enable eliptic curve for TLS") context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3) context.use_certificate(config.tls_certificate) - context.use_privatekey(config.tls_private_key) + + if not config.no_tls: + context.use_privatekey(config.tls_private_key) + context.load_tmp_dh(config.tls_dh_params_path) context.set_cipher_list("!ADH:HIGH+kEDH:!AECDH:HIGH+kEECDH") diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py index 828aced44a..f4db7b8a05 100644 --- a/synapse/crypto/keyring.py +++ b/synapse/crypto/keyring.py @@ -50,18 +50,27 @@ class Keyring(object): ) try: verify_key = yield self.get_server_verify_key(server_name, key_ids) - except IOError: + except IOError as e: + logger.warn( + "Got IOError when downloading keys for %s: %s %s", + server_name, type(e).__name__, str(e.message), + ) raise SynapseError( 502, "Error downloading keys for %s" % (server_name,), Codes.UNAUTHORIZED, ) - except: + except Exception as e: + logger.warn( + "Got Exception when downloading keys for %s: %s %s", + server_name, type(e).__name__, str(e.message), + ) raise SynapseError( 401, "No key for %s with id %s" % (server_name, key_ids), Codes.UNAUTHORIZED, ) + try: verify_signed_json(json_object, server_name, verify_key) except: |