Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Share SSL contexts for non-federation requests (#7094) | Richard van der Hoff | 2020-03-17 | 1 | -24/+44 |
| | | | | | | | Extends #5794 etc to the SimpleHttpClient so that it also applies to non-federation requests. Fixes #7092. | ||||
* | Fix well-known lookups with the federation certificate whitelist (#5997) | Amber Brown | 2019-09-14 | 1 | -13/+13 |
| | |||||
* | Share SSL options for well-known requests | Erik Johnston | 2019-07-31 | 1 | -0/+8 |
| | |||||
* | Update the TLS cipher string and provide configurability for TLS on outgoing ↵ | Amber Brown | 2019-06-28 | 1 | -6/+33 |
| | | | | federation (#5550) | ||||
* | rename gutwrenched attr | Richard van der Hoff | 2019-06-10 | 1 | -5/+9 |
| | |||||
* | Fix federation connections to literal IP addresses | Richard van der Hoff | 2019-06-10 | 1 | -5/+8 |
| | | | | | turns out we need a shiny version of service_identity to enforce this correctly. | ||||
* | clean up impl, and import idna directly | Richard van der Hoff | 2019-06-10 | 1 | -15/+11 |
| | |||||
* | Share an SSL context object between SSL connections | Richard van der Hoff | 2019-06-09 | 1 | -60/+89 |
| | | | | This involves changing how the info callbacks work. | ||||
* | Config option for verifying federation certificates (MSC 1711) (#4967) | Andrew Morgan | 2019-04-25 | 1 | -6/+27 |
| | |||||
* | fix to use makeContext so that we don't need to rebuild the ↵ | Amber Brown | 2019-02-19 | 1 | -8/+6 |
| | | | | certificateoptions each time | ||||
* | Don't create server contexts when TLS is disabled | Richard van der Hoff | 2019-02-11 | 1 | -3/+1 |
| | | | | we aren't going to use them anyway. | ||||
* | Don't send IP addresses as SNI (#4452) | Richard van der Hoff | 2019-01-24 | 1 | -3/+12 |
| | | | | | | The problem here is that we have cut-and-pasted an impl from Twisted, and then failed to maintain it. It was fixed in Twisted in https://github.com/twisted/twisted/pull/1047/files; let's do the same here. | ||||
* | Require ECDH key exchange & remove dh_params (#4429) | Amber Brown | 2019-01-22 | 1 | -2/+4 |
| | | | * remove dh_params and set better cipher string | ||||
* | Port crypto/ to Python 3 (#3822) | Amber Brown | 2018-09-12 | 1 | -1/+1 |
| | |||||
* | more generic conversion of str/bytes to unicode | Jeroen | 2018-08-09 | 1 | -1/+1 |
| | |||||
* | include private functions from twisted | Jeroen | 2018-08-09 | 1 | -2/+35 |
| | |||||
* | updated docstring for ServerContextFactory | Jeroen | 2018-08-08 | 1 | -1/+1 |
| | |||||
* | fix isort | Jeroen | 2018-07-29 | 1 | -2/+3 |
| | |||||
* | take idna implementation from twisted | Jeroen | 2018-06-26 | 1 | -2/+2 |
| | |||||
* | allow self-signed certificates | Jeroen | 2018-06-26 | 1 | -23/+35 |
| | |||||
* | formatting changes for pep8 | Jeroen | 2018-06-25 | 1 | -2/+2 |
| | |||||
* | send SNI for federation requests | Jeroen | 2018-06-24 | 1 | -1/+33 |
| | |||||
* | Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve (#3157) | Will Hunt | 2018-04-30 | 1 | -4/+5 |
| | | | | | fixes #3135 Signed-off-by: Will Hunt will@half-shot.uk | ||||
* | replace 'except:' with 'except Exception:' | Richard van der Hoff | 2017-10-23 | 1 | -1/+1 |
| | | | | what could possibly go wrong | ||||
* | copyrights | Matthew Hodgson | 2016-01-07 | 1 | -1/+1 |
| | |||||
* | remove the tls_certificate_chain_path param and simply support ↵ | Matthew Hodgson | 2015-07-09 | 1 | -3/+1 |
| | | | | tls_certificate_path pointing to a file containing a chain of certificates | ||||
* | oops, context.tls_certificate_chain_file() expects a file, not a certificate. | Matthew Hodgson | 2015-07-08 | 1 | -2/+2 |
| | |||||
* | typo | Matthew Hodgson | 2015-07-08 | 1 | -1/+1 |
| | |||||
* | add new optional config for tls_certificate_chain_path for folks with ↵ | Matthew Hodgson | 2015-07-08 | 1 | -0/+2 |
| | | | | intermediary SSL certs | ||||
* | Don't look for an TLS private key if we have set --no-tls | Erik Johnston | 2015-03-06 | 1 | -1/+4 |
| | |||||
* | Update copyright notices | Mark Haines | 2015-01-06 | 1 | -1/+1 |
| | |||||
* | Fix pep8 warnings | Mark Haines | 2014-10-30 | 1 | -1/+1 |
| | |||||
* | Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 ↵ | Mark Haines | 2014-10-24 | 1 | -1/+4 |
| | | | | doesn't seem to have ECC | ||||
* | fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵ | Matthew Hodgson | 2014-09-03 | 1 | -1/+1 |
| | | | | hasn't been incorporated in time for launch. | ||||
* | Add copyright notices and fix pyflakes errors | Mark Haines | 2014-09-03 | 1 | -1/+15 |
| | |||||
* | enable ECDHE ciphers | Mark Haines | 2014-09-01 | 1 | -0/+6 |
| | |||||
* | Add server TLS context factory | Mark Haines | 2014-09-01 | 1 | -0/+23 |