diff --git a/changelog.d/14455.misc b/changelog.d/14455.misc
new file mode 100644
index 0000000000..29168ef955
--- /dev/null
+++ b/changelog.d/14455.misc
@@ -0,0 +1 @@
+Add TLS support for generic worker endpoints.
diff --git a/synapse/app/_base.py b/synapse/app/_base.py
index 8f5b1a20f5..41d2732ef9 100644
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@@ -364,8 +364,8 @@ def listen_http(
root_resource: Resource,
version_string: str,
max_request_body_size: int,
- context_factory: IOpenSSLContextFactory,
- reactor: IReactorSSL = reactor,
+ context_factory: Optional[IOpenSSLContextFactory],
+ reactor: ISynapseReactor = reactor,
) -> List[Port]:
port = listener_config.port
bind_addresses = listener_config.bind_addresses
diff --git a/synapse/server.py b/synapse/server.py
index c4e025af22..f0a60d0056 100644
--- a/synapse/server.py
+++ b/synapse/server.py
@@ -221,8 +221,6 @@ class HomeServer(metaclass=abc.ABCMeta):
# instantiated during setup() for future return by get_datastores()
DATASTORE_CLASS = abc.abstractproperty()
- tls_server_context_factory: Optional[IOpenSSLContextFactory]
-
def __init__(
self,
hostname: str,
@@ -258,6 +256,9 @@ class HomeServer(metaclass=abc.ABCMeta):
self._module_web_resources: Dict[str, Resource] = {}
self._module_web_resources_consumed = False
+ # This attribute is set by the free function `refresh_certificate`.
+ self.tls_server_context_factory: Optional[IOpenSSLContextFactory] = None
+
def register_module_web_resource(self, path: str, resource: Resource) -> None:
"""Allows a module to register a web resource to be served at the given path.
|
