Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Remove tls_fingerprints option (#9280) | Jerin J Titus | 2021-05-24 | 1 | -50/+0 |
| | | | | Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com> | ||||
* | Merge pull request from GHSA-x345-32rc-8h85 | Richard van der Hoff | 2021-05-11 | 1 | -2/+2 |
| | | | | * tests for push rule pattern matching * tests for acl pattern matching * factor out common `re.escape` * Factor out common re.compile * Factor out common anchoring code * add word_boundary support to `glob_to_regex` * Use `glob_to_regex` in push rule evaluator NB that this drops support for character classes. I don't think anyone ever used them. * Improve efficiency of globs with multiple wildcards The idea here is that we compress multiple `*` globs into a single `.*`. We also need to consider `?`, since `*?*` is as hard to implement efficiently as `**`. * add assertion on regex pattern * Fix mypy * Simplify glob_to_regex * Inline the glob_to_regex helper function Signed-off-by: Dan Callahan <danc@element.io> * Moar comments Signed-off-by: Dan Callahan <danc@element.io> Co-authored-by: Dan Callahan <danc@element.io> | ||||
* | Remove redundant "coding: utf-8" lines (#9786) | Jonathan de Jong | 2021-04-14 | 1 | -1/+0 |
| | | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>` | ||||
* | Bump black configuration to target py36 (#9781) | Dan Callahan | 2021-04-13 | 1 | -1/+1 |
| | | | Signed-off-by: Dan Callahan <danc@element.io> | ||||
* | Enable mypy checking for unreachable code and fix instances. (#8432) | Patrick Cloke | 2020-10-01 | 1 | -9/+9 |
| | |||||
* | Add prometheus metrics to track federation delays (#8430) | Richard van der Hoff | 2020-10-01 | 1 | -1/+0 |
| | | | | | Add a pair of federation metrics to track the delays in sending PDUs to/from particular servers. | ||||
* | Replace all remaining six usage with native Python 3 equivalents (#7704) | Dagfinn Ilmari Mannsåker | 2020-06-16 | 1 | -3/+1 |
| | |||||
* | Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957) | Patrick Cloke | 2020-02-21 | 1 | -1/+1 |
| | | | | Ensure good comprehension hygiene using flake8-comprehensions. | ||||
* | Linters are hard but in the end they just want what's best for us | Brendan Abolivier | 2020-02-13 | 1 | -1/+1 |
| | |||||
* | Add a separator for the config warning | Brendan Abolivier | 2020-02-13 | 1 | -1/+1 |
| | |||||
* | Add mention and warning about ACME v1 deprecation to the Synapse config | Brendan Abolivier | 2020-02-13 | 1 | -0/+19 |
| | |||||
* | Allow empty federation_certificate_verification_whitelist (#6849) | timfi | 2020-02-06 | 1 | -0/+2 |
| | |||||
* | Add config linting script that checks for bool casing (#6203) | Andrew Morgan | 2019-10-23 | 1 | -1/+8 |
| | | | | | Add a linting script that enforces all boolean values in the default config be lowercase. This has annoyed me for a while so I decided to fix it. | ||||
* | Refactor HomeserverConfig so it can be typechecked (#6137) | Amber Brown | 2019-10-10 | 1 | -3/+6 |
| | |||||
* | Fix well-known lookups with the federation certificate whitelist (#5997) | Amber Brown | 2019-09-14 | 1 | -1/+8 |
| | |||||
* | Config templating (#5900) | Jorik Schellekens | 2019-08-28 | 1 | -12/+38 |
| | | | | | | | | | | | | Template config files * Imagine a system composed entirely of x, y, z etc and the basic operations.. Wait George, why XOR? Why not just neq? George: Eh, I didn't think of that.. Co-Authored-By: Erik Johnston <erik@matrix.org> | ||||
* | Update the TLS cipher string and provide configurability for TLS on outgoing ↵ | Amber Brown | 2019-06-28 | 1 | -1/+31 |
| | | | | federation (#5550) | ||||
* | Don't load the generated config as the default. | Richard van der Hoff | 2019-06-24 | 1 | -1/+3 |
| | | | | It's too confusing. | ||||
* | Allow configuration of the path used for ACME account keys. | Richard van der Hoff | 2019-06-24 | 1 | -2/+14 |
| | | | | | Because sticking it in the same place as the config isn't necessarily the right thing to do. | ||||
* | Pass config_dir_path and data_dir_path into Config.read_config. (#5522) | Richard van der Hoff | 2019-06-24 | 1 | -1/+1 |
| | | | | | | * Pull config_dir_path and data_dir_path calculation out of read_config_files * Pass config_dir_path and data_dir_path into read_config | ||||
* | Run Black. (#5482) | Amber Brown | 2019-06-20 | 1 | -23/+29 |
| | |||||
* | Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verification | Richard van der Hoff | 2019-06-05 | 1 | -1/+1 |
|\ | |||||
| * | Fix `federation_custom_ca_list` configuration option. | Richard van der Hoff | 2019-06-05 | 1 | -1/+1 |
| | | | | | | | | Previously, setting this option would cause an exception at startup. | ||||
* | | Validate federation server TLS certificates by default. | Richard van der Hoff | 2019-06-05 | 1 | -5/+5 |
|/ | |||||
* | Config option for verifying federation certificates (MSC 1711) (#4967) | Andrew Morgan | 2019-04-25 | 1 | -6/+89 |
| | |||||
* | Document using a certificate with a full chain (#4849) | Andrew Morgan | 2019-03-13 | 1 | -0/+5 |
| | |||||
* | Fix ACME config for python 2. (#4717) | Richard van der Hoff | 2019-02-25 | 1 | -3/+7 |
| | | | Fixes #4675. | ||||
* | Attempt to make default config more consistent | Richard van der Hoff | 2019-02-19 | 1 | -10/+10 |
| | | | | | | The general idea here is that config examples should just have a hash and no extraneous whitespace, both to make it easier for people who don't understand yaml, and to make the examples stand out from the comments. | ||||
* | Improve config documentation | Brendan Abolivier | 2019-02-19 | 1 | -3/+11 |
| | |||||
* | Use a configuration parameter to give the domain to generate a certificate for | Brendan Abolivier | 2019-02-18 | 1 | -0/+7 |
| | |||||
* | Disable TLS by default (#4614) | Richard van der Hoff | 2019-02-12 | 1 | -3/+3 |
| | |||||
* | Fix error when loading cert if tls is disabled (#4618) | Richard van der Hoff | 2019-02-12 | 1 | -15/+42 |
| | | | | | | If TLS is disabled, it should not be an error if no cert is given. Fixes #4554. | ||||
* | fix tests | Richard van der Hoff | 2019-02-11 | 1 | -1/+1 |
| | |||||
* | Infer no_tls from presence of TLS listeners | Richard van der Hoff | 2019-02-11 | 1 | -8/+2 |
| | | | | | Rather than have to specify `no_tls` explicitly, infer whether we need to load the TLS keys etc from whether we have any TLS-enabled listeners. | ||||
* | Logging improvements around TLS certs | Richard van der Hoff | 2019-02-11 | 1 | -18/+36 |
| | | | | | Log which file we're reading keys and certs from, and refactor the code a bit in preparation for other work | ||||
* | ACME Reprovisioning (#4522) | Amber Brown | 2019-02-11 | 1 | -1/+11 |
| | |||||
* | Be tolerant of blank TLS fingerprints config (#4589) | Amber Brown | 2019-02-11 | 1 | -1/+5 |
| | |||||
* | Fix default ACME config for py2 (#4564) | Richard van der Hoff | 2019-02-05 | 1 | -1/+1 |
| | | | Fixes #4559 | ||||
* | fix typo in config comments (#4557) | Richard van der Hoff | 2019-02-05 | 1 | -2/+2 |
| | |||||
* | ACME config cleanups (#4525) | Richard van der Hoff | 2019-01-30 | 1 | -26/+74 |
| | | | | | | | | | | | | | | | | * Handle listening for ACME requests on IPv6 addresses the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses without extra quoting. Building a string which you are about to parse again seems like a weird choice. Let's just use listenTCP, which is consistent with what we do elsewhere. * Clean up the default ACME config make it look a bit more consistent with everything else, and tweak the defaults to listen on port 80. * newsfile | ||||
* | Do not generate self-signed TLS certificates by default. (#4509) | Amber Brown | 2019-01-29 | 1 | -43/+18 |
| | |||||
* | Support ACME for certificate provisioning (#4384) | Amber Brown | 2019-01-23 | 1 | -24/+91 |
| | |||||
* | Require ECDH key exchange & remove dh_params (#4429) | Amber Brown | 2019-01-22 | 1 | -40/+0 |
| | | | * remove dh_params and set better cipher string | ||||
* | run isort | Amber Brown | 2018-07-09 | 1 | -5/+6 |
| | |||||
* | Open certificate files as bytes | Adrian Tschira | 2018-04-10 | 1 | -2/+2 |
| | | | | | | That's what pyOpenSSL expects on python3 Signed-off-by: Adrian Tschira <nota@notafile.com> | ||||
* | fix typo | Matthew Hodgson | 2018-01-16 | 1 | -1/+1 |
| | |||||
* | tip for generating tls_fingerprints | Matthew Hodgson | 2017-10-24 | 1 | -0/+6 |
| | |||||
* | Improve error handling for missing files (#2551) | Richard van der Hoff | 2017-10-17 | 1 | -3/+3 |
| | | | | | | | | | | | `os.path.exists` doesn't allow us to distinguish between permissions errors and the path actually not existing, which repeatedly confuses people. It also means that we try to overwrite existing key files, which is super-confusing. (cf issues #2455, #2379). Use os.stat instead. Also, don't recommend the use of --generate-config, which screws everything up if you're using debian (cf #2455). | ||||
* | Fix typo in config comments. | Tyler Smith | 2017-02-11 | 1 | -1/+1 |
| | | | | Signed-off-by: Tyler Smith <tylersmith.me@gmail.com> | ||||
* | Explain how long the servers can cache the TLS fingerprints for | Mark Haines | 2016-10-12 | 1 | -3/+4 |
| | |||||
* | Improve comment formatting | Mark Haines | 2016-10-12 | 1 | -1/+1 |
| | |||||
* | Add config option for adding additional TLS fingerprints | Mark Haines | 2016-10-11 | 1 | -0/+37 |
| | |||||
* | copyrights | Matthew Hodgson | 2016-01-07 | 1 | -1/+1 |
| | |||||
* | Implement configurable stats reporting | Daniel Wagner-Hall | 2015-09-22 | 1 | -1/+1 |
| | | | | | | | | | | SYN-287 This requires that HS owners either opt in or out of stats reporting. When --generate-config is passed, --report-stats must be specified If an already-generated config is used, and doesn't have the report_stats key, it is requested to be set. | ||||
* | Use shorter config key name | Daniel Wagner-Hall | 2015-09-15 | 1 | -3/+3 |
| | |||||
* | Better document the intent of the insecure SSL setting | Daniel Wagner-Hall | 2015-09-09 | 1 | -2/+6 |
| | |||||
* | Allow configuration to ignore invalid SSL certs | Daniel Wagner-Hall | 2015-09-09 | 1 | -0/+4 |
| | | | | | This will be useful for sytest, and sytest only, hence the aggressive config key name. | ||||
* | Merge branch 'master' of github.com:matrix-org/synapse into develop | Erik Johnston | 2015-07-21 | 1 | -2/+2 |
|\ | |||||
| * | typo | Matthew Hodgson | 2015-07-08 | 1 | -2/+2 |
| | | |||||
* | | We don't want semicolons. | Erik Johnston | 2015-07-09 | 1 | -1/+1 |
| | | |||||
* | | remove the tls_certificate_chain_path param and simply support ↵ | Matthew Hodgson | 2015-07-09 | 1 | -21/+9 |
| | | | | | | | | tls_certificate_path pointing to a file containing a chain of certificates | ||||
* | | document tls_certificate_chain_path more clearly | Matthew Hodgson | 2015-07-09 | 1 | -0/+5 |
| | | |||||
* | | oops, context.tls_certificate_chain_file() expects a file, not a certificate. | Matthew Hodgson | 2015-07-08 | 1 | -4/+1 |
| | | |||||
* | | *cough* | Matthew Hodgson | 2015-07-08 | 1 | -2/+3 |
| | | |||||
* | | add new optional config for tls_certificate_chain_path for folks with ↵ | Matthew Hodgson | 2015-07-08 | 1 | -3/+17 |
|/ | | | | intermediary SSL certs | ||||
* | Write a default log_config when generating config | Mark Haines | 2015-04-30 | 1 | -1/+1 |
| | |||||
* | Manually generate the default config yaml, remove most of the commandline ↵ | Mark Haines | 2015-04-30 | 1 | -40/+38 |
| | | | | arguments for synapse anticipating that people will use the yaml instead. Simplify implementing config options by not requiring the classes to hit the super class | ||||
* | Unused import | Erik Johnston | 2015-03-06 | 1 | -1/+1 |
| | |||||
* | Don't look for a TLS private key if we have set --no-tls | Erik Johnston | 2015-03-06 | 1 | -4/+13 |
| | |||||
* | Update copyright notices | Mark Haines | 2015-01-06 | 1 | -1/+1 |
| | |||||
* | Fix pep8 warnings | Mark Haines | 2014-10-30 | 1 | -1/+1 |
| | |||||
* | fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵ | Matthew Hodgson | 2014-09-03 | 1 | -1/+1 |
| | | | | hasn't been incorporated in time for launch. | ||||
* | Fix typo when reading TLS config | Mark Haines | 2014-09-02 | 1 | -1/+1 |
| | |||||
* | More helpful error messages for missing config | Mark Haines | 2014-09-02 | 1 | -3/+5 |
| | |||||
* | Use pregenerated DH params when generating config | Mark Haines | 2014-09-01 | 1 | -7/+29 |
| | |||||
* | Fix homeserver config parsing | Mark Haines | 2014-09-01 | 1 | -1/+1 |
| | |||||
* | Add config tree to synapse. Add support for reading config from a file | Mark Haines | 2014-08-31 | 1 | -0/+106 |