diff options
author | Mark Haines <mark.haines@matrix.org> | 2016-10-11 19:14:46 +0100 |
---|---|---|
committer | Mark Haines <mark.haines@matrix.org> | 2016-10-11 19:14:46 +0100 |
commit | 6e9f3ab415b855a032f092baf083f354116db284 (patch) | |
tree | a2733b1cde2adfbd5be2823586372f79b3cd87e6 /synapse/rest/key/v2 | |
parent | Merge pull request #1160 from matrix-org/rav/401_on_password_fail (diff) | |
download | synapse-6e9f3ab415b855a032f092baf083f354116db284.tar.xz |
Add config option for adding additional TLS fingerprints
Diffstat (limited to 'synapse/rest/key/v2')
-rw-r--r-- | synapse/rest/key/v2/local_key_resource.py | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/synapse/rest/key/v2/local_key_resource.py b/synapse/rest/key/v2/local_key_resource.py index 93e5b1cbf0..1cf69f3ed4 100644 --- a/synapse/rest/key/v2/local_key_resource.py +++ b/synapse/rest/key/v2/local_key_resource.py @@ -19,8 +19,6 @@ from synapse.http.server import respond_with_json_bytes from signedjson.sign import sign_json from unpaddedbase64 import encode_base64 from canonicaljson import encode_canonical_json -from hashlib import sha256 -from OpenSSL import crypto import logging @@ -49,7 +47,8 @@ class LocalKey(Resource): "key": # base64 encoded NACL verification key. } } - "tls_certificate": # base64 ASN.1 DER encoded X.509 tls cert. + "tls_fingerprints": # Fingerprints of the TLS certs this server uses. + - {"sha256": "..."} "signatures": { "this.server.example.com": { "algorithm:version": # NACL signature for this server @@ -90,21 +89,14 @@ class LocalKey(Resource): u"expired_ts": key.expired, } - x509_certificate_bytes = crypto.dump_certificate( - crypto.FILETYPE_ASN1, - self.config.tls_certificate - ) - - sha256_fingerprint = sha256(x509_certificate_bytes).digest() + tls_fingerprints = self.config.tls_fingerprints json_object = { u"valid_until_ts": self.valid_until_ts, u"server_name": self.config.server_name, u"verify_keys": verify_keys, u"old_verify_keys": old_verify_keys, - u"tls_fingerprints": [{ - u"sha256": encode_base64(sha256_fingerprint), - }] + u"tls_fingerprints": tls_fingerprints, } for key in self.config.signing_key: json_object = sign_json( |