diff options
author | Richard van der Hoff <richard@matrix.org> | 2019-04-25 20:53:10 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2019-04-25 20:55:12 +0100 |
commit | 7ca638c76135d7a0f86f6aa7981554bbe0b7a335 (patch) | |
tree | d19dadd18e0b8a6e3a4f3bbc1536f4f9eb5be650 /synapse | |
parent | Merge remote-tracking branch 'origin/master' into develop (diff) | |
download | synapse-7ca638c76135d7a0f86f6aa7981554bbe0b7a335.tar.xz |
Clarify logging when PDU signature checking fails
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/crypto/keyring.py | 4 | ||||
-rw-r--r-- | synapse/federation/federation_base.py | 19 |
2 files changed, 20 insertions, 3 deletions
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py index ed2e994437..b6d1b4cf0b 100644 --- a/synapse/crypto/keyring.py +++ b/synapse/crypto/keyring.py @@ -120,11 +120,9 @@ class Keyring(object): key_ids = signature_ids(json_object, server_name) if not key_ids: - logger.warn("Request from %s: no supported signature keys", - server_name) deferred = defer.fail(SynapseError( 400, - "Not signed with a supported algorithm", + "Not signed by %s" % (server_name, ), Codes.UNAUTHORIZED, )) else: diff --git a/synapse/federation/federation_base.py b/synapse/federation/federation_base.py index dfe6b4aa5c..1d641337da 100644 --- a/synapse/federation/federation_base.py +++ b/synapse/federation/federation_base.py @@ -269,7 +269,17 @@ def _check_sigs_on_pdus(keyring, room_version, pdus): for p in pdus_to_check_sender ]) + def sender_err(e, pdu_to_check): + logger.warning( + "event id %s: unable to verify signature for sender %s: %s", + pdu_to_check.pdu.event_id, + pdu_to_check.sender_domain, + e, + ) + return e + for p, d in zip(pdus_to_check_sender, more_deferreds): + d.addErrback(sender_err, p) p.deferreds.append(d) # now let's look for events where the sender's domain is different to the @@ -291,7 +301,16 @@ def _check_sigs_on_pdus(keyring, room_version, pdus): for p in pdus_to_check_event_id ]) + def event_err(e, pdu_to_check): + logger.warning( + "event id %s: unable to verify signature for event id domain: %s", + pdu_to_check.pdu.event_id, + e, + ) + return e + for p, d in zip(pdus_to_check_event_id, more_deferreds): + d.addErrback(event_err, p) p.deferreds.append(d) # replace lists of deferreds with single Deferreds |