summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--synapse/http/client.py6
-rw-r--r--synapse/server.py4
2 files changed, 5 insertions, 5 deletions
diff --git a/synapse/http/client.py b/synapse/http/client.py
index 815a838729..0933388c04 100644
--- a/synapse/http/client.py
+++ b/synapse/http/client.py
@@ -261,11 +261,11 @@ def _print_ex(e):
         logger.exception(e)
 
 
-class WoefullyInsecureContextFactory(ssl.ContextFactory):
+class InsecureInterceptableContextFactory(ssl.ContextFactory):
     """
-    Factory for PyOpenSSL SSL contexts which does absolutely no certificate verification.
+    Factory for PyOpenSSL SSL contexts which accepts any certificate for any domain.
 
-    Do not use this unless you really, really hate your users.
+    Do not use this since it allows an attacker to intercept your communications.
     """
 
     def __init__(self):
diff --git a/synapse/server.py b/synapse/server.py
index 656e534dff..d96c5a573a 100644
--- a/synapse/server.py
+++ b/synapse/server.py
@@ -21,7 +21,7 @@
 # Imports required for the default HomeServer() implementation
 from twisted.web.client import BrowserLikePolicyForHTTPS
 from synapse.federation import initialize_http_replication
-from synapse.http.client import SimpleHttpClient, WoefullyInsecureContextFactory
+from synapse.http.client import SimpleHttpClient,  InsecureInterceptableContextFactory
 from synapse.notifier import Notifier
 from synapse.api.auth import Auth
 from synapse.handlers import Handlers
@@ -181,7 +181,7 @@ class HomeServer(BaseHomeServer):
     def build_http_client_context_factory(self):
         config = self.get_config()
         return (
-            WoefullyInsecureContextFactory() if config.use_insecure_ssl_client
+            InsecureInterceptableContextFactory() if config.use_insecure_ssl_client
             else BrowserLikePolicyForHTTPS()
         )