Diffstat (limited to 'synapse/crypto/context_factory.py')
-rw-r--r--synapse/crypto/context_factory.py13
1 files changed, 6 insertions, 7 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 8a3fea043b..6fda5e677d 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -142,13 +142,12 @@ class ClientTLSOptionsFactory(object):
         # Use _makeContext so that we get a fresh OpenSSL CTX each time.
 
         # Check if certificate verification has been enabled
-        if (self._config.federation_verify_certificates):
-            # and if the host is whitelisted against it
-            if (self._config.federation_certificate_verification_whitelist and
-                    host in self._config.federation_certificate_verification_whitelist):
-                return ClientTLSOptionsNoVerify(host, self._options_noverify._makeContext())
+        should_verify = self._config.federation_verify_certificates
 
-            return ClientTLSOptions(host, self._options_verify._makeContext())
+        # Check if we've disabled certificate verification for this host
+        if should_verify and host in self._config.federation_certificate_verification_whitelist:
+            should_verify = False
 
-        # Otherwise don't require verification
+        if should_verify:
+            return ClientTLSOptions(host, self._options_verify._makeContext())
         return ClientTLSOptionsNoVerify(host, self._options_noverify._makeContext())
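Review bot: The new whitelist check on the `if should_verify and host in ...` line drops the truthiness guard the removed code had, so it raises `TypeError` if `federation_certificate_verification_whitelist` is ever `None` rather than an empty collection. Whether the config loader always supplies a list is not visible in this hunk; if it does not, a guard such as `whitelist = self._config.federation_certificate_verification_whitelist or ()` before the test restores the old behaviour. The test is also an exact membership match, so `host` and the configured entries presumably need the same normalisation (case, str vs bytes); a mismatch leaves verification on for that host, which fails safe, but a comment saying so would help. Since this is the one place where TLS verification is switched off per host, consider logging before the final return, e.g. `logger.debug("Not verifying TLS certificate for %s", host)`, assuming the module has a logger, so unverified federation connections can be audited. The enclosing method starts outside the hunk.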