summary refs log tree commit diff
path: root/synapse/crypto/context_factory.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Share SSL contexts for non-federation requests (#7094)Richard van der Hoff2020-03-171-24/+44
| | | | | | | Extends #5794 etc to the SimpleHttpClient so that it also applies to non-federation requests. Fixes #7092.
* Fix well-known lookups with the federation certificate whitelist (#5997)Amber Brown2019-09-141-13/+13
|
* Share SSL options for well-known requestsErik Johnston2019-07-311-0/+8
|
* Update the TLS cipher string and provide configurability for TLS on outgoing ↵Amber Brown2019-06-281-6/+33
| | | | federation (#5550)
* rename gutwrenched attrRichard van der Hoff2019-06-101-5/+9
|
* Fix federation connections to literal IP addressesRichard van der Hoff2019-06-101-5/+8
| | | | | turns out we need a shiny version of service_identity to enforce this correctly.
* clean up impl, and import idna directlyRichard van der Hoff2019-06-101-15/+11
|
* Share an SSL context object between SSL connectionsRichard van der Hoff2019-06-091-60/+89
| | | | This involves changing how the info callbacks work.
* Config option for verifying federation certificates (MSC 1711) (#4967)Andrew Morgan2019-04-251-6/+27
|
* fix to use makeContext so that we don't need to rebuild the ↵Amber Brown2019-02-191-8/+6
| | | | certificateoptions each time
* Don't create server contexts when TLS is disabledRichard van der Hoff2019-02-111-3/+1
| | | | we aren't going to use them anyway.
* Don't send IP addresses as SNI (#4452)Richard van der Hoff2019-01-241-3/+12
| | | | | | The problem here is that we have cut-and-pasted an impl from Twisted, and then failed to maintain it. It was fixed in Twisted in https://github.com/twisted/twisted/pull/1047/files; let's do the same here.
* Require ECDH key exchange & remove dh_params (#4429)Amber Brown2019-01-221-2/+4
| | | * remove dh_params and set better cipher string
* Port crypto/ to Python 3 (#3822)Amber Brown2018-09-121-1/+1
|
* more generic conversion of str/bytes to unicodeJeroen2018-08-091-1/+1
|
* include private functions from twistedJeroen2018-08-091-2/+35
|
* updated docstring for ServerContextFactoryJeroen2018-08-081-1/+1
|
* fix isortJeroen2018-07-291-2/+3
|
* take idna implementation from twistedJeroen2018-06-261-2/+2
|
* allow self-signed certificatesJeroen2018-06-261-23/+35
|
* formatting changes for pep8Jeroen2018-06-251-2/+2
|
* send SNI for federation requestsJeroen2018-06-241-1/+33
|
* Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve (#3157)Will Hunt2018-04-301-4/+5
| | | | | fixes #3135 Signed-off-by: Will Hunt will@half-shot.uk
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-231-1/+1
| | | | what could possibly go wrong
* copyrightsMatthew Hodgson2016-01-071-1/+1
|
* remove the tls_certificate_chain_path param and simply support ↵Matthew Hodgson2015-07-091-3/+1
| | | | tls_certificate_path pointing to a file containing a chain of certificates
* oops, context.tls_certificate_chain_file() expects a file, not a certificate.Matthew Hodgson2015-07-081-2/+2
|
* typoMatthew Hodgson2015-07-081-1/+1
|
* add new optional config for tls_certificate_chain_path for folks with ↵Matthew Hodgson2015-07-081-0/+2
| | | | intermediary SSL certs
* Don't look for an TLS private key if we have set --no-tlsErik Johnston2015-03-061-1/+4
|
* Update copyright noticesMark Haines2015-01-061-1/+1
|
* Fix pep8 warningsMark Haines2014-10-301-1/+1
|
* Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 ↵Mark Haines2014-10-241-1/+4
| | | | doesn't seem to have ECC
* fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵Matthew Hodgson2014-09-031-1/+1
| | | | hasn't been incorporated in time for launch.
* Add copyright notices and fix pyflakes errorsMark Haines2014-09-031-1/+15
|
* enable ECDHE ciphersMark Haines2014-09-011-0/+6
|
* Add server TLS context factoryMark Haines2014-09-011-0/+23