summary refs log tree commit diff
path: root/synapse/config/tls.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* ACME config cleanups (#4525)Richard van der Hoff2019-01-301-26/+74
| | | | | | | | | | | | | | | | * Handle listening for ACME requests on IPv6 addresses the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses without extra quoting. Building a string which you are about to parse again seems like a weird choice. Let's just use listenTCP, which is consistent with what we do elsewhere. * Clean up the default ACME config make it look a bit more consistent with everything else, and tweak the defaults to listen on port 80. * newsfile
* Do not generate self-signed TLS certificates by default. (#4509)Amber Brown2019-01-291-43/+18
|
* Support ACME for certificate provisioning (#4384)Amber Brown2019-01-231-24/+91
|
* Require ECDH key exchange & remove dh_params (#4429)Amber Brown2019-01-221-40/+0
| | | * remove dh_params and set better cipher string
* run isortAmber Brown2018-07-091-5/+6
|
* Open certificate files as bytesAdrian Tschira2018-04-101-2/+2
| | | | | | That's what pyOpenSSL expects on python3 Signed-off-by: Adrian Tschira <nota@notafile.com>
* fix typoMatthew Hodgson2018-01-161-1/+1
|
* tip for generating tls_fingerprintsMatthew Hodgson2017-10-241-0/+6
|
* Improve error handling for missing files (#2551)Richard van der Hoff2017-10-171-3/+3
| | | | | | | | | | | `os.path.exists` doesn't allow us to distinguish between permissions errors and the path actually not existing, which repeatedly confuses people. It also means that we try to overwrite existing key files, which is super-confusing. (cf issues #2455, #2379). Use os.stat instead. Also, don't recomemnd the the use of --generate-config, which screws everything up if you're using debian (cf #2455).
* Fix typo in config comments.Tyler Smith2017-02-111-1/+1
| | | | Signed-off-by: Tyler Smith <tylersmith.me@gmail.com>
* Explain how long the servers can cache the TLS fingerprints forMark Haines2016-10-121-3/+4
|
* Improve comment formattingMark Haines2016-10-121-1/+1
|
* Add config option for adding additional TLS fingerprintsMark Haines2016-10-111-0/+37
|
* copyrightsMatthew Hodgson2016-01-071-1/+1
|
* Implement configurable stats reportingDaniel Wagner-Hall2015-09-221-1/+1
| | | | | | | | | | SYN-287 This requires that HS owners either opt in or out of stats reporting. When --generate-config is passed, --report-stats must be specified If an already-generated config is used, and doesn't have the report_stats key, it is requested to be set.
* Use shorter config key nameDaniel Wagner-Hall2015-09-151-3/+3
|
* Better document the intent of the insecure SSL settingDaniel Wagner-Hall2015-09-091-2/+6
|
* Allow configuration to ignore invalid SSL certsDaniel Wagner-Hall2015-09-091-0/+4
| | | | | This will be useful for sytest, and sytest only, hence the aggressive config key name.
* Merge branch 'master' of github.com:matrix-org/synapse into developErik Johnston2015-07-211-2/+2
|\
| * typoMatthew Hodgson2015-07-081-2/+2
| |
* | We don't want semicolons.Erik Johnston2015-07-091-1/+1
| |
* | remove the tls_certificate_chain_path param and simply support ↵Matthew Hodgson2015-07-091-21/+9
| | | | | | | | tls_certificate_path pointing to a file containing a chain of certificates
* | document tls_certificate_chain_path more clearlyMatthew Hodgson2015-07-091-0/+5
| |
* | oops, context.tls_certificate_chain_file() expects a file, not a certificate.Matthew Hodgson2015-07-081-4/+1
| |
* | *cough*Matthew Hodgson2015-07-081-2/+3
| |
* | add new optional config for tls_certificate_chain_path for folks with ↵Matthew Hodgson2015-07-081-3/+17
|/ | | | intermediary SSL certs
* Write a default log_config when generating configMark Haines2015-04-301-1/+1
|
* Manually generate the default config yaml, remove most of the commandline ↵Mark Haines2015-04-301-40/+38
| | | | arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class
* Unused importErik Johnston2015-03-061-1/+1
|
* Don't look for an TLS private key if we have set --no-tlsErik Johnston2015-03-061-4/+13
|
* Update copyright noticesMark Haines2015-01-061-1/+1
|
* Fix pep8 warningsMark Haines2014-10-301-1/+1
|
* fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵Matthew Hodgson2014-09-031-1/+1
| | | | hasn't been incorporated in time for launch.
* Fix typo when reading TLS configMark Haines2014-09-021-1/+1
|
* More helpful error messages for missing configMark Haines2014-09-021-3/+5
|
* Use pregenerated DH params when generating configMark Haines2014-09-011-7/+29
|
* Fix homeserver config parsingMark Haines2014-09-011-1/+1
|
* Add config tree to synapse. Add support for reading config from a fileMark Haines2014-08-311-0/+106