author | Erik Johnston <erik@matrix.org> | 2015-07-09 11:55:52 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2015-07-09 11:55:52 +0100 |
commit | 4019b48aaa2f107887d911909bcd4cadcd828e48 (patch) | |
tree | c853d6dd17c3aa2f419332ec0283aaeca6af7b29 /synapse | |
parent | Change format of receipts to allow inclusion of data (diff) | |
parent | We don't want semicolons. (diff) | |
download | synapse-4019b48aaa2f107887d911909bcd4cadcd828e48.tar.xz |
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/receipts
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/config/tls.py | 7 | ||||
-rw-r--r-- | synapse/crypto/context_factory.py | 4 |
2 files changed, 8 insertions, 3 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index ecb2d42c1f..6c1df35e80 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -27,6 +27,7 @@ class TlsConfig(Config):
 self.tls_certificate = self.read_tls_certificate(
 config.get("tls_certificate_path")
 )
+ self.tls_certificate_file = config.get("tls_certificate_path")
 self.no_tls = config.get("no_tls", False)
@@ -49,7 +50,11 @@ class TlsConfig(Config):
 tls_dh_params_path = base_key_name + ".tls.dh"
 return """\
- # PEM encoded X509 certificate for TLS
+ # PEM encoded X509 certificate for TLS.
+ # You can replace the self-signed certificate that synapse
+ # autogenerates on launch with your own SSL certificate + key pair
+ # if you like. Any required intermediary certificates can be
+ # appended after the primary certificate in hierarchical order.
 tls_certificate_path: "%(tls_certificate_path)s"
 # PEM encoded private key for TLS
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 2f8618a0df..c4390f3b2b 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -35,9 +35,9 @@ class ServerContextFactory(ssl.ContextFactory):
 _ecCurve = _OpenSSLECCurve(_defaultCurveName)
 _ecCurve.addECKeyToContext(context)
 except:
- logger.exception("Failed to enable eliptic curve for TLS")
+ logger.exception("Failed to enable elliptic curve for TLS")
 context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
- context.use_certificate(config.tls_certificate)
+ context.use_certificate_chain_file(config.tls_certificate_file)
 if not config.no_tls:
 context.use_privatekey(config.tls_private_key) |
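Review bot: In synapse/config/tls.py (`@@ -27,6 +27,7 @@`), the added `self.tls_certificate_file` holds a path rather than a file and repeats the `config.get("tls_certificate_path")` lookup from the statement above it, so the config object now carries a parsed certificate and a path that are read from disk at different times. Naming it `self.tls_certificate_path` and fetching the value once into a local would make that clearer, with a comment such as `# kept as a path: the TLS context factory re-reads the file to load the full chain`. `config.get` returns None when the key is absent; whether `read_tls_certificate` rejects that first is not visible here, and the enclosing method starts and ends outside the hunk.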
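Review bot: In the config template hunk (`@@ -49,7 +50,11 @@`), the new comment says "your own SSL certificate + key pair" directly above `tls_certificate_path`, which can be read as an instruction to put the private key into the certificate file; the key has its own setting, introduced by the `# PEM encoded private key for TLS` line that follows. Certificate files are often readable more widely than key files, so I would spell it out, e.g. `# if you like (keep the private key in its own file, configured below).` "intermediary" is normally written "intermediate", and it is worth saying that the server certificate must be the first PEM block in the file. The template string continues outside the hunk.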
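Review bot: In synapse/crypto/context_factory.py, `context.use_certificate_chain_file(config.tls_certificate_file)` re-opens the path when the context is built, so the certificate actually served is no longer guaranteed to be the `config.tls_certificate` object parsed at config load. If other code derives values from `config.tls_certificate` (not visible in this hunk), a file replaced between the two reads, or a file whose first PEM block is not the server certificate, would leave those values describing a different certificate. The call also fails inside context construction when the path is unset or unreadable, without saying which setting is at fault; a short comment plus an error that names `tls_certificate_path` would help operators. Separately, the touched `logger.exception` line sits in a bare `except:` that lets startup continue without the EC curve, and `except Exception:` would at least stop it catching `SystemExit` and `KeyboardInterrupt`. The enclosing method starts and ends outside the hunk.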