author | Brendan Abolivier <babolivier@matrix.org> | 2019-02-18 15:46:23 +0000 |
---|---|---|
committer | Brendan Abolivier <babolivier@matrix.org> | 2019-02-18 15:46:23 +0000 |
commit | 45bb55c6de8b50fdd00893a6ef86623d2f34b864 (patch) | |
tree | e627350a56acc6de96c5d214f02fd837381c1cd0 /synapse/handlers | |
parent | Merge branch 'develop' into babolivier/acme-delegated (diff) | |
Use a configuration parameter to give the domain to generate a certificate for
Diffstat (limited to 'synapse/handlers')
-rw-r--r-- | synapse/handlers/acme.py | 29 |
1 files changed, 4 insertions, 25 deletions
diff --git a/synapse/handlers/acme.py b/synapse/handlers/acme.py
index ca5b7257d3..f8a786a4da 100644
--- a/synapse/handlers/acme.py
+++ b/synapse/handlers/acme.py
@@ -27,8 +27,6 @@ from twisted.web import server, static
 from twisted.web.resource import Resource
 from synapse.app import check_bind_error
-from synapse.crypto.context_factory import ClientTLSOptionsFactory
-from synapse.http.federation.matrix_federation_agent import MatrixFederationAgent
 logger = logging.getLogger(__name__)
@@ -125,34 +123,15 @@ class AcmeHandler(object):
 @defer.inlineCallbacks
 def provision_certificate(self):
- # Retrieve .well-known if it's in use. We do so through the federation
- # agent, because that's where the .well-known logic lives.
- agent = MatrixFederationAgent(
- tls_client_options_factory=ClientTLSOptionsFactory(None),
- reactor=self.reactor,
- )
- delegated = yield agent._get_well_known(bytes(self.hs.hostname, "ascii"))
-
- # If .well-known is in use, use the delegated hostname instead of the
- # homeserver's server_name.
- if delegated:
- cert_name = delegated.decode("ascii")
- logger.info(
- ".well-known is in use, provisioning %s instead of %s",
- cert_name, self.hs.hostname,
- )
- else:
- cert_name = self.hs.hostname
-
- logger.warning("Reprovisioning %s", cert_name)
+ logger.warning("Reprovisioning %s", self.hs.config.acme_domain)
 try:
- yield self._issuer.issue_cert(cert_name)
+ yield self._issuer.issue_cert(self.hs.config.acme_domain)
 except Exception:
 logger.exception("Fail!")
 raise
- logger.warning("Reprovisioned %s, saving.", cert_name)
- cert_chain = self._store.certs[cert_name]
+ logger.warning("Reprovisioned %s, saving.", self.hs.config.acme_domain)
+ cert_chain = self._store.certs[self.hs.config.acme_domain]
 try:
 with open(self.hs.config.tls_private_key_file, "wb") as private_key_file: |
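Review bot: In the second hunk, `self.hs.config.acme_domain` is passed straight to `issue_cert()` and used as the `self._store.certs[...]` key without any check that it is set, and the config code that defines it is not part of this diff (the diffstat is limited to synapse/handlers). If the option can be absent or empty, the failure would surface only as the generic `logger.exception("Fail!")` or a `KeyError` on the store lookup, so I would bind it once at the top of `provision_certificate` with `acme_domain = self.hs.config.acme_domain`, reject a falsy value with a clear error, and use the local in the four places below. The certificate name is now purely operator-supplied rather than derived from the homeserver's hostname or .well-known, so a short comment stating that this value must be the hostname federation peers actually connect to would help; a mismatch would presumably only show up later as peers failing TLS verification. The function body continues past the end of the hunk.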