diff options
author | Richard van der Hoff <richard@matrix.org> | 2019-06-05 14:16:07 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2019-06-05 14:17:50 +0100 |
commit | e2dfb922e1334e4a506a9d678d0f1bf573cc95e6 (patch) | |
tree | b0e43cf8df9b95a1c5f513a7a9253975c41b63f3 /tests/http/federation | |
parent | Add a test room version where we enforce key validity (#5348) (diff) | |
download | synapse-e2dfb922e1334e4a506a9d678d0f1bf573cc95e6.tar.xz |
Validate federation server TLS certificates by default.
Diffstat (limited to 'tests/http/federation')
-rw-r--r-- | tests/http/federation/test_matrix_federation_agent.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/tests/http/federation/test_matrix_federation_agent.py b/tests/http/federation/test_matrix_federation_agent.py index ed0ca079d9..4153da4da7 100644 --- a/tests/http/federation/test_matrix_federation_agent.py +++ b/tests/http/federation/test_matrix_federation_agent.py @@ -27,6 +27,7 @@ from twisted.web.http import HTTPChannel from twisted.web.http_headers import Headers from twisted.web.iweb import IPolicyForHTTPS +from synapse.config.homeserver import HomeServerConfig from synapse.crypto.context_factory import ClientTLSOptionsFactory from synapse.http.federation.matrix_federation_agent import ( MatrixFederationAgent, @@ -52,11 +53,16 @@ class MatrixFederationAgentTests(TestCase): self.well_known_cache = TTLCache("test_cache", timer=self.reactor.seconds) + # for now, we disable cert verification for the test, since the cert we + # present will not be trusted. We should do better here, though. + config_dict = default_config("test", parse=False) + config_dict["federation_verify_certificates"] = False + config = HomeServerConfig() + config.parse_config_dict(config_dict) + self.agent = MatrixFederationAgent( reactor=self.reactor, - tls_client_options_factory=ClientTLSOptionsFactory( - default_config("test", parse=True) - ), + tls_client_options_factory=ClientTLSOptionsFactory(config), _well_known_tls_policy=TrustingTLSPolicyForHTTPS(), _srv_resolver=self.mock_resolver, _well_known_cache=self.well_known_cache, |