diff options
author | Kegan Dougal <kegan@matrix.org> | 2015-03-06 17:28:49 +0000 |
---|---|---|
committer | Kegan Dougal <kegan@matrix.org> | 2015-03-06 17:28:49 +0000 |
commit | 34ce2ca62f261311a9082b6e243eb6c584487025 (patch) | |
tree | 0144c0f0a8231e2ea68e23c7d5676f48e42ee775 /synapse/crypto | |
parent | Assign the AS ID from the database; replace old placeholder txn id. (diff) | |
parent | When setting display name more graciously handle failures to update room state. (diff) | |
download | synapse-34ce2ca62f261311a9082b6e243eb6c584487025.tar.xz |
Merge branch 'develop' into application-services-txn-reliability
Diffstat (limited to 'synapse/crypto')
-rw-r--r-- | synapse/crypto/context_factory.py | 5 | ||||
-rw-r--r-- | synapse/crypto/keyring.py | 13 |
2 files changed, 15 insertions, 3 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py index 24d4abf3e9..2f8618a0df 100644 --- a/synapse/crypto/context_factory.py +++ b/synapse/crypto/context_factory.py @@ -38,7 +38,10 @@ class ServerContextFactory(ssl.ContextFactory): logger.exception("Failed to enable eliptic curve for TLS") context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3) context.use_certificate(config.tls_certificate) - context.use_privatekey(config.tls_private_key) + + if not config.no_tls: + context.use_privatekey(config.tls_private_key) + context.load_tmp_dh(config.tls_dh_params_path) context.set_cipher_list("!ADH:HIGH+kEDH:!AECDH:HIGH+kEECDH") diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py index 828aced44a..f4db7b8a05 100644 --- a/synapse/crypto/keyring.py +++ b/synapse/crypto/keyring.py @@ -50,18 +50,27 @@ class Keyring(object): ) try: verify_key = yield self.get_server_verify_key(server_name, key_ids) - except IOError: + except IOError as e: + logger.warn( + "Got IOError when downloading keys for %s: %s %s", + server_name, type(e).__name__, str(e.message), + ) raise SynapseError( 502, "Error downloading keys for %s" % (server_name,), Codes.UNAUTHORIZED, ) - except: + except Exception as e: + logger.warn( + "Got Exception when downloading keys for %s: %s %s", + server_name, type(e).__name__, str(e.message), + ) raise SynapseError( 401, "No key for %s with id %s" % (server_name, key_ids), Codes.UNAUTHORIZED, ) + try: verify_signed_json(json_object, server_name, verify_key) except: |