summary refs log tree commit diff
path: root/synapse/python_dependencies.py
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2019-06-10 15:58:35 +0100
committerRichard van der Hoff <richard@matrix.org>2019-06-10 15:58:35 +0100
commitefe7b3176ecfe81cb7eb94a6882228ba5682278d (patch)
tree54f15ac5fc380b5caec94fa89f40806987b3b88d /synapse/python_dependencies.py
parentclean up impl, and import idna directly (diff)
downloadsynapse-efe7b3176ecfe81cb7eb94a6882228ba5682278d.tar.xz
Fix federation connections to literal IP addresses
turns out we need a shiny version of service_identity to enforce this
correctly.
Diffstat (limited to '')
-rw-r--r--synapse/python_dependencies.py4
1 files changed, 3 insertions, 1 deletions
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index db09ff285f..6efd81f204 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -45,7 +45,9 @@ REQUIREMENTS = [
     "signedjson>=1.0.0",
     "pynacl>=1.2.1",
     "idna>=2",
-    "service_identity>=16.0.0",
+
+    # validating SSL certs for IP addresses requires service_identity 18.1.
+    "service_identity>=18.1.0",
 
     # our logcontext handling relies on the ability to cancel inlineCallbacks
     # (https://twistedmatrix.com/trac/ticket/4632) which landed in Twisted 18.7.