authorBrendan Abolivier <babolivier@matrix.org>2021-06-17 19:56:48 +0200
committerGitHub <noreply@github.com>2021-06-17 18:56:48 +0100
commit08c84693227de9571412fa18a7d82818a370c655 (patch)
treec9282621794ea74e2a5c764f444b70a48f26470f /tests/config/test_tls.py
parentUpdate MSC3083 support per changes in the MSC. (#10189) (diff)
downloadsynapse-08c84693227de9571412fa18a7d82818a370c655.tar.xz
Remove support for ACME v1 (#10194)
Fixes #9778

ACME v1 was fully decommissioned for existing installs on June 1st 2021 (see https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27), so we can now safely remove it from Synapse.
Diffstat (limited to '')
-rw-r--r--tests/config/test_tls.py97
1 files changed, 0 insertions, 97 deletions
diff --git a/tests/config/test_tls.py b/tests/config/test_tls.py
index dcf336416c..b6bc1876b5 100644
--- a/tests/config/test_tls.py
+++ b/tests/config/test_tls.py
@@ -13,10 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-import os
-
 import idna
-import yaml
 
 from OpenSSL import SSL
 
@@ -39,58 +36,6 @@ class TestConfig(RootConfig):
 
 
 class TLSConfigTests(TestCase):
-    def test_warn_self_signed(self):
-        """
-        Synapse will give a warning when it loads a self-signed certificate.
-        """
-        config_dir = self.mktemp()
-        os.mkdir(config_dir)
-        with open(os.path.join(config_dir, "cert.pem"), "w") as f:
-            f.write(
-                """-----BEGIN CERTIFICATE-----
-MIID6DCCAtACAws9CjANBgkqhkiG9w0BAQUFADCBtzELMAkGA1UEBhMCVFIxDzAN
-BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExEjAQBgNVBAMMCWxv
-Y2FsaG9zdDEcMBoGA1UECgwTVHdpc3RlZCBNYXRyaXggTGFiczEkMCIGA1UECwwb
-QXV0b21hdGVkIFRlc3RpbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzZWN1
-cml0eUB0d2lzdGVkbWF0cml4LmNvbTAgFw0xNzA3MTIxNDAxNTNaGA8yMTE3MDYx
-ODE0MDE1M1owgbcxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0xFDASBgNV
-BAcMC0JhxZ9tYWvDp8SxMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgNVBAoME1R3
-aXN0ZWQgTWF0cml4IExhYnMxJDAiBgNVBAsMG0F1dG9tYXRlZCBUZXN0aW5nIEF1
-dGhvcml0eTEpMCcGCSqGSIb3DQEJARYac2VjdXJpdHlAdHdpc3RlZG1hdHJpeC5j
-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwT6kbqtMUI0sMkx4h
-I+L780dA59KfksZCqJGmOsMD6hte9EguasfkZzvCF3dk3NhwCjFSOvKx6rCwiteo
-WtYkVfo+rSuVNmt7bEsOUDtuTcaxTzIFB+yHOYwAaoz3zQkyVW0c4pzioiLCGCmf
-FLdiDBQGGp74tb+7a0V6kC3vMLFoM3L6QWq5uYRB5+xLzlPJ734ltyvfZHL3Us6p
-cUbK+3WTWvb4ER0W2RqArAj6Bc/ERQKIAPFEiZi9bIYTwvBH27OKHRz+KoY/G8zY
-+l+WZoJqDhupRAQAuh7O7V/y6bSP+KNxJRie9QkZvw1PSaGSXtGJI3WWdO12/Ulg
-epJpAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAJXEq5P9xwvP9aDkXIqzcD0L8sf8
-ewlhlxTQdeqt2Nace0Yk18lIo2oj1t86Y8jNbpAnZJeI813Rr5M7FbHCXoRc/SZG
-I8OtG1xGwcok53lyDuuUUDexnK4O5BkjKiVlNPg4HPim5Kuj2hRNFfNt/F2BVIlj
-iZupikC5MT1LQaRwidkSNxCku1TfAyueiBwhLnFwTmIGNnhuDCutEVAD9kFmcJN2
-SznugAcPk4doX2+rL+ila+ThqgPzIkwTUHtnmjI0TI6xsDUlXz5S3UyudrE2Qsfz
-s4niecZKPBizL6aucT59CsunNmmb5Glq8rlAcU+1ZTZZzGYqVYhF6axB9Qg=
------END CERTIFICATE-----"""
-            )
-
-        config = {
-            "tls_certificate_path": os.path.join(config_dir, "cert.pem"),
-        }
-
-        t = TestConfig()
-        t.read_config(config, config_dir_path="", data_dir_path="")
-        t.read_tls_certificate()
-
-        warnings = self.flushWarnings()
-        self.assertEqual(len(warnings), 1)
-        self.assertEqual(
-            warnings[0]["message"],
-            (
-                "Self-signed TLS certificates will not be accepted by "
-                "Synapse 1.0. Please either provide a valid certificate, "
-                "or use Synapse's ACME support to provision one."
-            ),
-        )
-
     def test_tls_client_minimum_default(self):
         """
         The default client TLS version is 1.0.
@@ -202,48 +147,6 @@ s4niecZKPBizL6aucT59CsunNmmb5Glq8rlAcU+1ZTZZzGYqVYhF6axB9Qg=
         self.assertEqual(options & SSL.OP_NO_TLSv1_1, 0)
         self.assertEqual(options & SSL.OP_NO_TLSv1_2, 0)
 
-    def test_acme_disabled_in_generated_config_no_acme_domain_provied(self):
-        """
-        Checks acme is disabled by default.
-        """
-        conf = TestConfig()
-        conf.read_config(
-            yaml.safe_load(
-                TestConfig().generate_config(
-                    "/config_dir_path",
-                    "my_super_secure_server",
-                    "/data_dir_path",
-                    tls_certificate_path="/tls_cert_path",
-                    tls_private_key_path="tls_private_key",
-                    acme_domain=None,  # This is the acme_domain
-                )
-            ),
-            "/config_dir_path",
-        )
-
-        self.assertFalse(conf.acme_enabled)
-
-    def test_acme_enabled_in_generated_config_domain_provided(self):
-        """
-        Checks acme is enabled if the acme_domain arg is set to some string.
-        """
-        conf = TestConfig()
-        conf.read_config(
-            yaml.safe_load(
-                TestConfig().generate_config(
-                    "/config_dir_path",
-                    "my_super_secure_server",
-                    "/data_dir_path",
-                    tls_certificate_path="/tls_cert_path",
-                    tls_private_key_path="tls_private_key",
-                    acme_domain="my_supe_secure_server",  # This is the acme_domain
-                )
-            ),
-            "/config_dir_path",
-        )
-
-        self.assertTrue(conf.acme_enabled)
-
     def test_whitelist_idna_failure(self):
         """
         The federation certificate whitelist will not allow IDNA domain names.