summary refs log tree commit diff
path: root/tests/http/federation
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2019-06-05 14:16:07 +0100
committerRichard van der Hoff <richard@matrix.org>2019-06-05 14:17:50 +0100
commite2dfb922e1334e4a506a9d678d0f1bf573cc95e6 (patch)
treeb0e43cf8df9b95a1c5f513a7a9253975c41b63f3 /tests/http/federation
parentAdd a test room version where we enforce key validity (#5348) (diff)
downloadsynapse-e2dfb922e1334e4a506a9d678d0f1bf573cc95e6.tar.xz
Validate federation server TLS certificates by default.
Diffstat (limited to 'tests/http/federation')
-rw-r--r--tests/http/federation/test_matrix_federation_agent.py12
1 files changed, 9 insertions, 3 deletions
diff --git a/tests/http/federation/test_matrix_federation_agent.py b/tests/http/federation/test_matrix_federation_agent.py
index ed0ca079d9..4153da4da7 100644
--- a/tests/http/federation/test_matrix_federation_agent.py
+++ b/tests/http/federation/test_matrix_federation_agent.py
@@ -27,6 +27,7 @@ from twisted.web.http import HTTPChannel
 from twisted.web.http_headers import Headers
 from twisted.web.iweb import IPolicyForHTTPS
 
+from synapse.config.homeserver import HomeServerConfig
 from synapse.crypto.context_factory import ClientTLSOptionsFactory
 from synapse.http.federation.matrix_federation_agent import (
     MatrixFederationAgent,
@@ -52,11 +53,16 @@ class MatrixFederationAgentTests(TestCase):
 
         self.well_known_cache = TTLCache("test_cache", timer=self.reactor.seconds)
 
+        # for now, we disable cert verification for the test, since the cert we
+        # present will not be trusted. We should do better here, though.
+        config_dict = default_config("test", parse=False)
+        config_dict["federation_verify_certificates"] = False
+        config = HomeServerConfig()
+        config.parse_config_dict(config_dict)
+
         self.agent = MatrixFederationAgent(
             reactor=self.reactor,
-            tls_client_options_factory=ClientTLSOptionsFactory(
-                default_config("test", parse=True)
-            ),
+            tls_client_options_factory=ClientTLSOptionsFactory(config),
             _well_known_tls_policy=TrustingTLSPolicyForHTTPS(),
             _srv_resolver=self.mock_resolver,
             _well_known_cache=self.well_known_cache,