summary refs log tree commit diff
path: root/synapse/rest/key
diff options
context:
space:
mode:
authorMark Haines <mark.haines@matrix.org>2015-04-14 19:10:09 +0100
committerMark Haines <mark.haines@matrix.org>2015-04-14 19:10:09 +0100
commit32e14d81813f0d486445cbd4ceb4880d432ef5db (patch)
tree0cfb9e6ee4cab4ef8a5cb151beac0c893304535e /synapse/rest/key
parentAdd a version 2 of the key server api (diff)
downloadsynapse-32e14d81813f0d486445cbd4ceb4880d432ef5db.tar.xz
Return a sha256 fingerprint rather than the entire tls certificate
Diffstat (limited to 'synapse/rest/key')
-rw-r--r--synapse/rest/key/v2/local_key_resource.py10
1 files changed, 8 insertions, 2 deletions
diff --git a/synapse/rest/key/v2/local_key_resource.py b/synapse/rest/key/v2/local_key_resource.py
index 5c77f308df..f1ac1c8fb3 100644
--- a/synapse/rest/key/v2/local_key_resource.py
+++ b/synapse/rest/key/v2/local_key_resource.py
@@ -19,6 +19,7 @@ from synapse.http.server import respond_with_json_bytes
 from syutil.crypto.jsonsign import sign_json
 from syutil.base64util import encode_base64
 from syutil.jsonutil import encode_canonical_json
+from hashlib import sha256
 from OpenSSL import crypto
 import logging
 
@@ -88,12 +89,17 @@ class LocalKey(Resource):
             crypto.FILETYPE_ASN1,
             self.config.tls_certificate
         )
+
+        sha256_fingerprint = sha256(x509_certificate_bytes).digest()
+
         json_object = {
-            u"expires": self.expires,
+            u"valid_until": self.expires,
             u"server_name": self.config.server_name,
             u"verify_keys": verify_keys,
             u"old_verify_keys": old_verify_keys,
-            u"tls_certificate": encode_base64(x509_certificate_bytes)
+            u"tls_fingerprints": [{
+                u"sha256": encode_base64(sha256_fingerprint),
+            }]
         }
         for key in self.config.signing_key:
             json_object = sign_json(