2 files changed, 9 insertions, 13 deletions
diff --git a/synapse/app/_base.py b/synapse/app/_base.py
index 62c633146f..5b0ca312e2 100644
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@@ -213,16 +213,17 @@ def refresh_certificate(hs):
Refresh the TLS certificates that Synapse is using by re-reading them from
disk and updating the TLS context factories to use them.
"""
- logging.info("Loading certificate from disk...")
- hs.config.read_certificate_from_disk()
+
+ if not hs.config.has_tls_listener():
+ # attempt to reload the certs for the good of the tls_fingerprints
+ hs.config.read_certificate_from_disk(require_cert_and_key=False)
+ return
+
+ hs.config.read_certificate_from_disk(require_cert_and_key=True)
hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)
- hs.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
- hs.config
- )
- logging.info("Certificate loaded.")
if hs._listening_services:
- logging.info("Updating context factories...")
+ logger.info("Updating context factories...")
for i in hs._listening_services:
# When you listenSSL, it doesn't make an SSL port but a TCP one with
# a TLS wrapping factory around the factory you actually want to get
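Review bot: Both `logging.info` calls around the certificate read are dropped without a `logger` replacement, so a refresh no longer logs that the certificate and key were re-read, on either branch. A certificate rotation is worth one audit line, e.g. `logger.info("Reloading TLS certificate from disk")` placed before the `has_tls_listener()` check. The comment in the early-return branch would also be clearer if it said what depends on the reload, for example `# no TLS listener: still reload so tls_fingerprints matches the cert on disk; a missing cert or key is tolerated here`. That wording is inferred from `require_cert_and_key=False` and should be confirmed against `read_certificate_from_disk`, which is not in this hunk. The body of `refresh_certificate` starts before the hunk and continues past it.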
@@ -237,7 +238,7 @@ def refresh_certificate(hs):
False,
i.factory.wrappedFactory
)
- logging.info("Context factories updated.")
+ logger.info("Context factories updated.")
def start(hs, listeners=None):
diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py
index b4476bf16e..dbd98d394f 100755
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@@ -90,11 +90,6 @@ class SynapseHomeServer(HomeServer):
tls = listener_config.get("tls", False)
site_tag = listener_config.get("tag", port)
- if tls and config.no_tls:
- raise ConfigError(
- "Listener on port %i has TLS enabled, but no_tls is set" % (port,),
- )
-
resources = {}
for res in listener_config["resources"]:
for name in res["names"]: