Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix perspectives requests for multiple keys for the same server (#11440) | Richard van der Hoff | 2021-11-29 | 1 | -11/+19 |
| | | | | | If we tried to request multiple keys for the same server, we would end up dropping some of those requests. | ||||
* | Fix verification of objects signed with old local keys (#11379) | Richard van der Hoff | 2021-11-19 | 1 | -28/+41 |
| | | | | | | | Fixes a bug introduced in #11129: objects signed by the local server, but with keys other than the current one, could not be successfully verified. We need to check the key id in the signature, and track down the right key. | ||||
* | Fetch verify key locally rather than trying to do so over federation if origin and host are the same. (#11129) | Shay | 2021-10-28 | 1 | -29/+45 |
| | | | | | | | | | | | | | | | | | | | | | | | * add tests for fetching key locally * add logic to check if origin server is same as host and fetch verify key locally rather than over federation * add changelog * slight refactor, add docstring, change changelog entry * Make changelog entry one line * remove verify_json_locally and push locality check to process_request, add function process_request_locally * remove leftover code reference * refactor to add common call to 'verify_json and associated handling code * add type hint to process_json * add some docstrings + very slight refactor | ||||
* | Add missing type hints to synapse.crypto. (#11146) | Patrick Cloke | 2021-10-21 | 3 | -18/+32 |
| | | | And require type hints for this module. | ||||
* | Use direct references for configuration variables (part 5). (#10897) | Patrick Cloke | 2021-09-24 | 1 | -2/+2 |
| | |||||
* | Use direct references for some configuration variables (part 2) (#10812) | Patrick Cloke | 2021-09-15 | 2 | -5/+5 |
| | |||||
* | Use inline type hints in various other places (in `synapse/`) (#10380) | Jonathan de Jong | 2021-07-15 | 1 | -9/+11 |
| | |||||
* | When joining a remote room limit the number of events we concurrently check signatures/hashes for (#10117) | Erik Johnston | 2021-06-08 | 1 | -34/+12 |
| | | | | | If we do hundreds of thousands at once the memory overhead can easily reach 500+ MB. | ||||
* | Rewrite the KeyRing (#10035) | Erik Johnston | 2021-06-02 | 1 | -375/+267 |
| | |||||
* | Add `Keyring.verify_events_for_server` and reduce memory usage (#10018) | Erik Johnston | 2021-05-20 | 1 | -10/+88 |
| | | | | | | Also add support for giving a callback to generate the JSON object to verify. This should reduce memory usage, as we no longer have the event in memory in dict form (which has a large memory footprint) for extended periods of time. | ||||
* | remove `HomeServer.get_config` (#9815) | Richard van der Hoff | 2021-04-14 | 1 | -1/+1 |
| | | | | Every single time I want to access the config object, I have to remember whether or not we use `get_config`. Let's just get rid of it. | ||||
* | Remove redundant "coding: utf-8" lines (#9786) | Jonathan de Jong | 2021-04-14 | 3 | -3/+0 |
| | | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>` | ||||
* | Enable additional flake8-bugbear linting checks. (#9659) | Jonathan de Jong | 2021-03-24 | 1 | -1/+1 |
| | |||||
* | Import HomeServer from the proper module. (#9665) | Patrick Cloke | 2021-03-23 | 1 | -1/+1 |
| | |||||
* | Enable flake8-bugbear, but disable most checks. (#9499) | Jonathan de Jong | 2021-03-16 | 1 | -1/+1 |
| | | | | * Adds B00 to ignored checks. * Fixes remaining issues. | ||||
* | Cache config options in SSL verification (#9255) | Erik Johnston | 2021-01-28 | 1 | -4/+9 |
| | | | Reading from the config object is *slow*. | ||||
* | Add type hints to the crypto module. (#8999) | Patrick Cloke | 2021-01-04 | 3 | -98/+139 |
| | |||||
* | Apply an IP range blacklist to push and key revocation requests. (#8821) | Patrick Cloke | 2020-12-02 | 1 | -2/+2 |
| | | | | | | | | | | | | Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to: * Federation * Identity servers * Push notifications * Checking key validity for third-party invite events The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers). | ||||
* | Fix typos and spelling errors. (#8639) | Patrick Cloke | 2020-10-23 | 1 | -1/+1 |
| | |||||
* | Fix occasional "Re-starting finished log context" from keyring (#8398) | Richard van der Hoff | 2020-09-25 | 1 | -26/+44 |
| | | | | | | | | | | | | | | | * Fix test_verify_json_objects_for_server_awaits_previous_requests It turns out that this wasn't really testing what it thought it was testing (in particular, `check_context` was turning failures into success, which was making the tests pass even though it wasn't clear they should have been. It was also somewhat overcomplex - we can test what it was trying to test without mocking out perspectives servers. * Fix warnings about finished logcontexts in the keyring We need to make sure that we finish the key fetching magic before we run the verifying code, to ensure that we don't mess up our logcontexts. | ||||
* | Add a comment re #1691 | Richard van der Hoff | 2020-09-21 | 1 | -1/+5 |
| | |||||
* | Simplify super() calls to Python 3 syntax. (#8344) | Patrick Cloke | 2020-09-18 | 1 | -2/+2 |
| | | | | | | | This converts calls like super(Foo, self) -> super(). Generated with: sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py | ||||
* | Stop sub-classing object (#8249) | Patrick Cloke | 2020-09-04 | 2 | -8/+8 |
| | |||||
* | Do not assume calls to runInteraction return Deferreds. (#8133) | Patrick Cloke | 2020-08-20 | 1 | -4/+3 |
| | |||||
* | Add a comment about SSLv23_METHOD (#8043) | Richard van der Hoff | 2020-08-07 | 1 | -0/+8 |
| | |||||
* | Convert the crypto module to async/await. (#8003) | Patrick Cloke | 2020-08-03 | 1 | -109/+92 |
| | |||||
* | Convert federation client to async/await. (#7975) | Patrick Cloke | 2020-07-30 | 1 | -28/+32 |
| | |||||
* | Replace all remaining six usage with native Python 3 equivalents (#7704) | Dagfinn Ilmari Mannsåker | 2020-06-16 | 1 | -4/+2 |
| | |||||
* | Clean up some LoggingContext stuff (#7120) | Richard van der Hoff | 2020-03-24 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | * Pull Sentinel out of LoggingContext ... and drop a few unnecessary references to it * Factor out LoggingContext.current_context move `current_context` and `set_context` out to top-level functions. Mostly this means that I can more easily trace what's actually referring to LoggingContext, but I think it's generally neater. * move copy-to-parent into `stop` this really just makes `start` and `stop` more symmetric. It also means that it behaves correctly if you manually `set_log_context` rather than using the context manager. * Replace `LoggingContext.alive` with `finished` Turn `alive` into `finished` and make it a bit better defined. | ||||
* | Share SSL contexts for non-federation requests (#7094) | Richard van der Hoff | 2020-03-17 | 1 | -24/+44 |
| | | | | | | | Extends #5794 etc to the SimpleHttpClient so that it also applies to non-federation requests. Fixes #7092. | ||||
* | Remove special auth and redaction rules for aliases events in experimental room ver. (#7037) | Patrick Cloke | 2020-03-09 | 1 | -1/+1 |
| | |||||
* | Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957) | Patrick Cloke | 2020-02-21 | 1 | -4/+2 |
| | | | | Ensure good comprehension hygiene using flake8-comprehensions. | ||||
* | pass room_version into compute_event_signature (#6807) | Richard van der Hoff | 2020-01-31 | 1 | -8/+20 |
| | |||||
* | Pass room_version into add_hashes_and_signatures | Richard van der Hoff | 2020-01-30 | 1 | -7/+13 |
| | |||||
* | Fix some test failures when frozen_dicts are enabled (#6642) | Richard van der Hoff | 2020-01-06 | 1 | -3/+6 |
| | | | | Fixes #4026 | ||||
* | Fix exception when fetching notary server's old keys (#6625) | Richard van der Hoff | 2020-01-06 | 1 | -6/+7 |
| | | | | | | Lift the restriction that *all* the keys used for signing v2 key responses be present in verify_keys. Fixes #6596. | ||||
* | Don't encode object as UTF-8 string if not needed. | Michael Kaye | 2019-10-24 | 1 | -2/+4 |
| | | | | | I believe that string formatting ~10-15 sized events will take a proportion of CPU time. | ||||
* | Fix well-known lookups with the federation certificate whitelist (#5997) | Amber Brown | 2019-09-14 | 1 | -13/+13 |
| | |||||
* | Remove unnecessary parentheses around return statements (#5931) | Andrew Morgan | 2019-08-30 | 1 | -2/+2 |
| | | | | | Python will return a tuple whether there are parentheses around the returned values or not. I'm just sick of my editor complaining about this all over the place :) | ||||
* | Merge pull request #5895 from matrix-org/erikj/notary_key | Erik Johnston | 2019-08-27 | 1 | -9/+2 |
|\ | | | | | Add config option to sign remote key query responses with a separate key. | ||||
| * | Fixup review comments | Erik Johnston | 2019-08-23 | 1 | -2/+2 |
| | | |||||
| * | Only sign when we respond to remote key requests | Erik Johnston | 2019-08-21 | 1 | -10/+1 |
| | | |||||
| * | Add config option for keys to use to sign keys | Erik Johnston | 2019-08-21 | 1 | -5/+7 |
| | | | | | | | | | | This allows servers to separate keys that are used to sign remote keys when acting as a notary server. | ||||
* | | Improve error msg when key-fetch fails (#5896) | Richard van der Hoff | 2019-08-22 | 1 | -5/+7 |
|/ | | | | | | | | | There's no point doing a raise_from here, because the exception is always logged at warn with no stacktrace in the caller. Instead, let's try to give better messages to reduce confusion. In particular, this means that we won't log 'Failed to connect to remote server' when we don't even attempt to connect to the remote server due to blacklisting. | ||||
* | Share SSL options for well-known requests | Erik Johnston | 2019-07-31 | 1 | -0/+8 |
| | |||||
* | Replace returnValue with return (#5736) | Amber Brown | 2019-07-23 | 1 | -7/+7 |
| | |||||
* | Add a delay to key lookup lock release to fix stack overflow | Richard van der Hoff | 2019-07-19 | 1 | -2/+8 |
| | | | | A tactical call_later here should fix #5723 | ||||
* | Refactor Keyring._start_key_lookups | Richard van der Hoff | 2019-07-19 | 1 | -51/+35 |
| | | | | | There's an awful lot of deferreds and dictionaries flying around here. The whole thing can be made much simpler and achieve the same effect. | ||||
* | Move logging utilities out of the side drawer of util/ and into logging/ (#5606) | Amber Brown | 2019-07-04 | 1 | -7/+8 |
| | |||||
* | Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550) | Amber Brown | 2019-06-28 | 1 | -6/+33 |
| | |||||
* | Run Black. (#5482) | Amber Brown | 2019-06-20 | 2 | -33/+17 |
| | |||||
* | Merge pull request #5417 from matrix-org/rav/shared_ssl_context | Erik Johnston | 2019-06-10 | 1 | -74/+106 |
|\ | | | | | Share an SSL context object between SSL connections | ||||
| * | rename gutwrenched attr | Richard van der Hoff | 2019-06-10 | 1 | -5/+9 |
| | | |||||
| * | Fix federation connections to literal IP addresses | Richard van der Hoff | 2019-06-10 | 1 | -5/+8 |
| | | | | | | | | | | turns out we need a shiny version of service_identity to enforce this correctly. | ||||
| * | clean up impl, and import idna directly | Richard van der Hoff | 2019-06-10 | 1 | -15/+11 |
| | | |||||
| * | Share an SSL context object between SSL connections | Richard van der Hoff | 2019-06-09 | 1 | -60/+89 |
| | | | | | | | | This involves changing how the info callbacks work. | ||||
* | | Improve startup checks for insecure notary configs (#5392) | Richard van der Hoff | 2019-06-10 | 1 | -7/+0 |
|/ | | | | | | | | | | | | | It's not really a problem to trust notary responses signed by the old key so long as we are also doing TLS validation. This commit adds a check to the config parsing code at startup to check that we do not have the insecure matrix.org key without tls validation, and refuses to start without it. This allows us to remove the rather alarming-looking warning which happens at runtime. | ||||
* | Stop hardcoding trust of old matrix.org key (#5374) | Richard van der Hoff | 2019-06-06 | 1 | -35/+37 |
| | | | | | | | | | | | | | | | | | There are a few changes going on here: * We make checking the signature on a key server response optional: if no verify_keys are specified, we trust to TLS to validate the connection. * We change the default config so that it does not require responses to be signed by the old key. * We replace the old 'perspectives' config with 'trusted_key_servers', which is also formatted slightly differently. * We emit a warning to the logs every time we trust a key server response signed by the old key. | ||||
* | Associate a request_name with each verify request, for logging | Richard van der Hoff | 2019-06-05 | 1 | -44/+68 |
| | | | | | | | Also: * rename VerifyKeyRequest->VerifyJsonRequest * calculate key_ids on VerifyJsonRequest construction * refactor things to pass around VerifyJsonRequests instead of 4-tuples | ||||
* | Clean up debug logging (#5347) | Richard van der Hoff | 2019-06-05 | 2 | -5/+5 |
| | | | Remove some spurious stuff, clarify some other stuff | ||||
* | Rename VerifyKeyRequest.deferred field (#5343) | Richard van der Hoff | 2019-06-05 | 1 | -12/+12 |
| | | | it's a bit confusing | ||||
* | Don't do long retries when calling the key notary server. (#5334) | Richard van der Hoff | 2019-06-04 | 1 | -1/+0 |
| | | | | | | | | It takes at least 20 minutes to work through the long_retries schedule (11 attempts, each with a 60 second timeout, and 60 seconds between each request), so if the notary server isn't returning within the timeout, we'll just end up blocking whatever request is happening for 20 minutes. Ain't nobody got time for that. | ||||
* | Notary server: make requests to origins in parallel | Richard van der Hoff | 2019-06-04 | 1 | -1/+9 |
| | | | | ... else we're guaranteed to time out. | ||||
* | Don't bomb out on direct key fetches as soon as one fails | Richard van der Hoff | 2019-06-04 | 1 | -22/+36 |
| | |||||
* | Reduce timeout for outbound /key/v2/server requests. | Richard van der Hoff | 2019-06-03 | 1 | -0/+13 |
| | |||||
* | Enforce validity period on server_keys for fed requests. (#5321) | Richard van der Hoff | 2019-06-03 | 1 | -56/+111 |
| | | | | | | | | When handling incoming federation requests, make sure that we have an up-to-date copy of the signing key. We do not yet enforce the validity period for event signatures. | ||||
* | Merge pull request #5307 from matrix-org/rav/server_keys/07-fix-notary-cache-poison | Richard van der Hoff | 2019-06-03 | 1 | -12/+2 |
|\ | | | | | | | | Stop overwriting server keys with other keys | ||||
| * | Stop overwriting server keys with other keys | Richard van der Hoff | 2019-05-31 | 1 | -12/+2 |
| | | | | | | | | | | Fix a bug where we would discard a key result which the origin server is no longer returning. Fixes #5305. | ||||
* | | Merge remote-tracking branch 'origin/develop' into rav/server_keys/05-rewrite-gsvk-again | Richard van der Hoff | 2019-05-31 | 1 | -41/+28 |
|\| | |||||
| * | Remove some pointless exception handling | Richard van der Hoff | 2019-05-30 | 1 | -25/+8 |
| | | | | | | | | | | | | | | | | The verify_request deferred already returns a suitable SynapseError, so I don't really know what we expect to achieve by doing more wrapping, other than log spam. Fixes #4278. | ||||
| * | use attr.s for VerifyKeyRequest | Richard van der Hoff | 2019-05-30 | 1 | -17/+21 |
| | | | | | | | | because namedtuple is awful | ||||
* | | Rewrite get_server_verify_keys, again. | Richard van der Hoff | 2019-05-30 | 1 | -48/+53 |
|/ | | | | | Attempt to simplify the logic in get_server_verify_keys by splitting it into two methods. | ||||
* | Merge pull request #5251 from matrix-org/rav/server_keys/01-check_sig | Richard van der Hoff | 2019-05-28 | 1 | -41/+92 |
|\ | | | | | Ensure that server_keys fetched via a notary server are correctly signed. | ||||
| * | Improve error handling/logging for perspectives-key fetching. | Richard van der Hoff | 2019-05-24 | 1 | -28/+77 |
| | | | | | | | | In particular, don't give up on the first failure. | ||||
| * | Require sig from origin server on perspectives responses | Richard van der Hoff | 2019-05-23 | 1 | -13/+15 |
| | | |||||
* | | Simplification to Keyring.wait_for_previous_lookups. (#5250) | Richard van der Hoff | 2019-05-24 | 1 | -7/+4 |
|/ | | | | | | The list of server names was redundant, since it was equivalent to the keys on the server_to_deferred map. This reduces the number of large lists being passed around, and has the benefit of deduplicating the entries in `wait_on`. | ||||
* | Factor out KeyFetchers from KeyRing | Richard van der Hoff | 2019-05-23 | 1 | -140/+175 |
| | | | | | | | Rather than have three methods which have to have the same interface, factor out a separate interface which is provided by three implementations. I find it easier to grok the code this way. | ||||
* | Store key validity time in the storage layer | Richard van der Hoff | 2019-05-23 | 1 | -14/+33 |
| | | | | | | | | This is a first step to checking that the key is valid at the required moment. The idea here is that, rather than passing VerifyKey objects in and out of the storage layer, we instead pass FetchKeyResult objects, which simply wrap the VerifyKey and add a valid_until_ts field. | ||||
* | Simplify process_v2_response (#5236) | Richard van der Hoff | 2019-05-23 | 1 | -21/+29 |
| | | | | | | | | | * Pass time_added_ms into process_v2_response * Simplify process_v2_response We can merge old_verify_keys into verify_keys, and reduce the number of dicts flying around. | ||||
* | Remove unused VerifyKey.expired and .time_added fields (#5235) | Richard van der Hoff | 2019-05-23 | 1 | -3/+0 |
| | | | | | These were never used, and poking arbitrary data into objects from other packages seems confusing at best. | ||||
* | Rewrite store_server_verify_key to store several keys at once (#5234) | Richard van der Hoff | 2019-05-23 | 1 | -45/+14 |
| | | | | | Storing server keys hammered the database a bit. This replaces the implementation which stored a single key, with one which can do many updates at once. | ||||
* | Run black on synapse.crypto.keyring (#5232) | Richard van der Hoff | 2019-05-22 | 1 | -149/+137 |
| | |||||
* | remove extraneous exception logging | Richard van der Hoff | 2019-04-25 | 1 | -16/+32 |
| | |||||
* | Clarify logging when PDU signature checking fails | Richard van der Hoff | 2019-04-25 | 1 | -3/+1 |
| | |||||
* | Config option for verifying federation certificates (MSC 1711) (#4967) | Andrew Morgan | 2019-04-25 | 1 | -6/+27 |
| | |||||
* | Remove periods from copyright headers (#5046) | Andrew Morgan | 2019-04-11 | 1 | -1/+1 |
| | |||||
* | Rewrite Datastore.get_server_verify_keys | Richard van der Hoff | 2019-04-09 | 1 | -21/+17 |
| | | | | Rewrite this so that it doesn't hammer the database. | ||||
* | Remove redundant merged_keys dict | Richard van der Hoff | 2019-04-08 | 1 | -8/+5 |
| | | | | | | There's no point in collecting a merged dict of keys: it is sufficient to consider just the new keys which have been fetched by the most recent key_fetch_fns. | ||||
* | Fix from_server buglet in get_keys_from_perspectives | Richard van der Hoff | 2019-04-08 | 1 | -1/+1 |
| | | | | | make sure we store the name of the server the keys came from, rather than the origin server, after doing a fetch-from-perspectives. | ||||
* | Hoist server_name check out of process_v2_response | Richard van der Hoff | 2019-04-04 | 1 | -13/+7 |
| | | | | | It's easier to check it in the caller than to complicate the interface with an extra param. | ||||
* | Clean up Keyring.process_v2_response | Richard van der Hoff | 2019-04-04 | 1 | -23/+46 |
| | | | | | | Make this just return the key dict, rather than a single-entry dict mapping the server name to the key dict. It's easy for the caller to get the server name from the response object anyway. | ||||
* | Correctly log expected errors when fetching server keys | Erik Johnston | 2019-03-11 | 1 | -2/+2 |
| | |||||
* | raise_from already raises | Erik Johnston | 2019-02-25 | 1 | -4/+4 |
| | |||||
* | Handle errors when fetching remote server keys | Erik Johnston | 2019-02-23 | 1 | -21/+51 |
| | |||||
* | fix to use makeContext so that we don't need to rebuild the certificateoptions each time | Amber Brown | 2019-02-19 | 1 | -8/+6 |
| | |||||
* | Correctly handle RequestSendFailed exceptions | Erik Johnston | 2019-02-14 | 1 | -2/+2 |
| | | | | This mainly reduces the number of exceptions we log. | ||||
* | Don't create server contexts when TLS is disabled | Richard van der Hoff | 2019-02-11 | 1 | -3/+1 |
| | | | | we aren't going to use them anyway. | ||||
* | Make add_hashes_and_signatures operate on dicts | Erik Johnston | 2019-01-29 | 1 | -10/+6 |
| | |||||
* | Refactor event signing to work on dicts | Erik Johnston | 2019-01-28 | 1 | -30/+69 |
| | | | | | | This is in preparation for making EventBuilder format agnostic, which means event signing should be done against the event dict rather than the EventBuilder object. | ||||
* | Don't send IP addresses as SNI (#4452) | Richard van der Hoff | 2019-01-24 | 1 | -3/+12 |
| | | | | | | The problem here is that we have cut-and-pasted an impl from Twisted, and then failed to maintain it. It was fixed in Twisted in https://github.com/twisted/twisted/pull/1047/files; let's do the same here. | ||||
* | Make key fetches use regular federation client (#4426) | Richard van der Hoff | 2019-01-22 | 2 | -172/+7 |
| | | | | | All this magic is redundant. | ||||
* | Require ECDH key exchange & remove dh_params (#4429) | Amber Brown | 2019-01-22 | 1 | -2/+4 |
| | | | * remove dh_params and set better cipher string | ||||
* | Remove fetching keys via the deprecated v1 kex method (#4120) | Amber Brown | 2018-10-31 | 2 | -106/+12 |
| | |||||
* | Fix a number of flake8 errors | Richard van der Hoff | 2018-10-24 | 1 | -1/+1 |
| | | | | | | | | | | | | Broadly three things here: * disable W504 which seems a bit whacko * remove a bunch of `as e` expressions from exception handlers that don't use them * use `r""` for strings which include backslashes Also, we don't use pep8 any more, so we can get rid of the duplicate config there. | ||||
* | Merge pull request #3826 from matrix-org/rav/logging_for_keyring | Amber Brown | 2018-09-12 | 1 | -6/+18 |
|\ | | | | | add some logging for the keyring queue | ||||
| * | add some logging for the keyring queue | Richard van der Hoff | 2018-09-06 | 1 | -6/+18 |
| | | | | | | | | why is it so damn slow? | ||||
* | | Port crypto/ to Python 3 (#3822) | Amber Brown | 2018-09-12 | 3 | -6/+13 |
|/ | |||||
* | Don't log exceptions when failing to fetch server keys | Erik Johnston | 2018-08-21 | 1 | -2/+6 |
| | | | | | Not being able to resolve or connect to remote servers is an expected error, so we shouldn't log at ERROR with stacktraces. | ||||
* | more generic conversion of str/bytes to unicode | Jeroen | 2018-08-09 | 1 | -1/+1 |
| | |||||
* | include private functions from twisted | Jeroen | 2018-08-09 | 1 | -2/+35 |
| | |||||
* | updated docstring for ServerContextFactory | Jeroen | 2018-08-08 | 1 | -1/+1 |
| | |||||
* | fix isort | Jeroen | 2018-07-29 | 1 | -2/+3 |
| | |||||
* | fix accidental removal of hs | Jeroen | 2018-07-27 | 1 | -1/+1 |
| | |||||
* | Merge remote-tracking branch 'upstream/develop' into send_sni_for_federation_requests | Jeroen | 2018-07-14 | 3 | -32/+36 |
|\ | | | | | | | | | | | | | # Conflicts: # synapse/crypto/context_factory.py | ||||
| * | run isort | Amber Brown | 2018-07-09 | 4 | -35/+39 |
| | | |||||
* | | Merge branch 'develop' into send_sni_for_federation_requests | Jeroen | 2018-07-09 | 1 | -1/+1 |
|\| | | | | | | | | | # Conflicts: # synapse/http/endpoint.py | ||||
| * | Attempt to be more performant on PyPy (#3462) | Amber Brown | 2018-06-28 | 1 | -1/+1 |
| | | |||||
* | | take idna implementation from twisted | Jeroen | 2018-06-26 | 1 | -2/+2 |
| | | |||||
* | | allow self-signed certificates | Jeroen | 2018-06-26 | 1 | -23/+35 |
| | | |||||
* | | formatting changes for pep8 | Jeroen | 2018-06-25 | 1 | -2/+2 |
| | | |||||
* | | send SNI for federation requests | Jeroen | 2018-06-24 | 3 | -5/+37 |
|/ | |||||
* | Try to log more helpful info when a sig verification fails | Richard van der Hoff | 2018-06-08 | 1 | -6/+25 |
| | | | | | | | | Firstly, don't swallow the reason for the failure Secondly, don't assume all exceptions are verification failures Thirdly, log a bit of info about the key being used if debug is enabled | ||||
* | Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve (#3157) | Will Hunt | 2018-04-30 | 1 | -4/+5 |
| | | | | | fixes #3135 Signed-off-by: Will Hunt will@half-shot.uk | ||||
* | Merge remote-tracking branch 'origin/develop' into rav/use_run_in_background | Richard van der Hoff | 2018-04-27 | 1 | -45/+48 |
|\ | |||||
| * | Improve exception handling for background processes | Richard van der Hoff | 2018-04-27 | 1 | -45/+48 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There were a bunch of places where we fire off a process to happen in the background, but don't have any exception handling on it - instead relying on the unhandled error being logged when the relevant deferred gets garbage-collected. This is unsatisfactory for a number of reasons: - logging on garbage collection is best-effort and may happen some time after the error, if at all - it can be hard to figure out where the error actually happened. - it is logged as a scary CRITICAL error which (a) I always forget to grep for and (b) it's not really CRITICAL if a background process we don't care about fails. So this is an attempt to add exception handling to everything we fire off into the background. | ||||
* | | Use run_in_background in preference to preserve_fn | Richard van der Hoff | 2018-04-27 | 1 | -11/+17 |
|/ | | | | | | While I was going through uses of preserve_fn for other PRs, I converted places which only use the wrapped function once to use run_in_background, to avoid creating the function object. | ||||
* | Use str(e) instead of e.message | Adrian Tschira | 2018-04-15 | 1 | -4/+4 |
| | | | | | | | Doing this I learned e.message was pretty shortlived, added in 2.6, they realized it was a bad idea and deprecated it in 2.7 Signed-off-by: Adrian Tschira <nota@notafile.com> | ||||
* | Fix 500 when joining matrix-dev | Richard van der Hoff | 2017-11-29 | 1 | -3/+10 |
| | | | | | | | matrix-dev has an event (`$/6ANj/9QWQyd71N6DpRQPf+SDUu11+HVMeKSpMzBCwM:zemos.net`) which has no `hashes` member. Check for missing `hashes` element in events. | ||||
* | replace 'except:' with 'except Exception:' | Richard van der Hoff | 2017-10-23 | 3 | -3/+3 |
| | | | | what could possibly go wrong | ||||
* | Merge branch 'develop' into develop | Richard van der Hoff | 2017-09-25 | 2 | -136/+166 |
|\ | |||||
| * | Fix logcontext leak in keyclient (#2465) | Richard van der Hoff | 2017-09-25 | 1 | -12/+5 |
| | | | | | | preserve_context_over_function doesn't do what you want it to do. | ||||
| * | Fix logcontext handling in verify_json_objects_for_server | Richard van der Hoff | 2017-09-20 | 1 | -8/+12 |
| | | | | | | | | | | | | | | | | | | | | | | | | preserve_context_over_fn is essentially broken, because (a) it pointlessly drops the current logcontext before calling its wrapped function, which means we don't get any useful logcontexts for _handle_key_deferred; (b) it wraps the resulting deferred in a _PreservingContextDeferred, which is very dangerous because you then can't yield on it without leaking context back into the reactor. Instead, let's specify that the resultant deferreds call their callbacks with no logcontext. | ||||
| * | Turn _start_key_lookups into an inlineCallbacks function | Richard van der Hoff | 2017-09-20 | 1 | -40/+37 |
| | | | | | | | | | | | | | | | | | | | | | | ... which means that logcontexts can be correctly preserved for the stuff it does. get_server_verify_keys is now called with the logcontext, so needs to preserve_fn when it fires off its nested inlineCallbacks function. Also renames get_server_verify_keys to reflect the fact it's meant to be private. | ||||
| * | Fix potential race in _start_key_lookups | Richard van der Hoff | 2017-09-20 | 1 | -5/+8 |
| | | | | | | | | | | | | | | | | | | If the verify_request.deferred has already completed, then `remove_deferreds` will be called immediately. It therefore might resolve the server_to_deferred deferred while there are still other requests for that server in flight. To avoid that, we should build the complete list of requests, and *then* add the callbacks. | ||||
| * | Add some comments to _start_key_lookups | Richard van der Hoff | 2017-09-20 | 1 | -0/+8 |
| | | |||||
| * | Consistency for how verify_request.deferred is called | Richard van der Hoff | 2017-09-20 | 1 | -13/+17 |
| | | | | | | | | | | | | | | | | | | | | Define that it is run with no log context, and make sure that happens. If we aren't careful to reset the logcontext, we can't bung the deferreds into defer.gatherResults etc. We don't actually do that directly, but we *do* resolve other deferreds from affected callbacks (notably the server_to_deferred map in _start_key_lookups), and those *do* get passed into defer.gatherResults. It turns out that this way ends up being least confusing. | ||||
| * | Factor out _start_key_lookups | Richard van der Hoff | 2017-09-20 | 1 | -7/+17 |
| | | | | | | | | ... to make it easier to see what's going on. | ||||
| * | Replace `server_and_json` with `verify_requests` | Richard van der Hoff | 2017-09-20 | 1 | -3/+3 |
| | | | | | | | | This is a precursor to factoring some of this code out. | ||||
| * | pull out handle_key_deferred to top level | Richard van der Hoff | 2017-09-20 | 1 | -43/+44 |
| | | | | | | | | | | | | There's no need for this to be a nested definition; pulling it out not only makes it more efficient, but makes it easier to check that it's not accessing any local variables it shouldn't be. | ||||
| * | Fix incorrect key_ids in error message | Richard van der Hoff | 2017-09-20 | 1 | -1/+1 |
| | | |||||
| * | Fix concurrent server_key requests (#2458) | Richard van der Hoff | 2017-09-19 | 1 | -1/+3 |
| | | | | | | | | Fix a bug where we could end up firing off multiple requests for server_keys for the same server at the same time. | ||||
| * | Clean up and document handling of logcontexts in Keyring (#2452) | Richard van der Hoff | 2017-09-18 | 1 | -28/+36 |
| | | | | | | | | | | | | I'm still unclear on what the intended behaviour for `verify_json_objects_for_server` is, but at least I now understand the behaviour of most of the things it calls... | ||||
* | | Fix iteration of requests_missing_keys; list doesn't have .values() | Kenny Keslar | 2017-07-26 | 1 | -1/+1 |
|/ | | | | Signed-off-by: Kenny Keslar <r3dey3@r3dey3.com> | ||||
* | Merge pull request #2050 from matrix-org/rav/federation_backoff | Richard van der Hoff | 2017-03-23 | 1 | -23/+16 |
|\ | | | | | push federation retry limiter down to matrixfederationclient | ||||
| * | push federation retry limiter down to matrixfederationclient | Richard van der Hoff | 2017-03-23 | 1 | -23/+16 |
| | | | | | | | | | | rather than having to instrument everywhere we make a federation call, make the MatrixFederationHttpClient manage the retry limiter. | ||||
* | | fix up some key verif docstrings | Richard van der Hoff | 2017-03-21 | 1 | -2/+21 |
|/ | |||||
* | Add some debug to help diagnose weird federation issue | Richard van der Hoff | 2017-03-20 | 1 | -1/+8 |
| | |||||
* | Preserve some logcontexts | Erik Johnston | 2016-08-24 | 1 | -18/+18 |
| | |||||
* | Update keyring Measure | Erik Johnston | 2016-08-19 | 1 | -85/+85 |
| | |||||
* | Measure keyrings | Erik Johnston | 2016-08-19 | 1 | -34/+36 |
| | |||||
* | Don't print stack traces when failing to get remote keys | Erik Johnston | 2016-08-10 | 1 | -12/+16 |
| | |||||
* | Merge branch 'erikj/key_client_fix' of github.com:matrix-org/synapse into ↵ | Erik Johnston | 2016-07-28 | 1 | -3/+9 |
|\ | | | | | | | release-v0.17.0 | ||||
| * | Cache getPeer | Erik Johnston | 2016-07-21 | 1 | -2/+5 |
| | | |||||
| * | Set host not path | Erik Johnston | 2016-07-21 | 1 | -1/+1 |
| | | |||||
| * | Send the correct host header when fetching keys | Erik Johnston | 2016-07-21 | 1 | -3/+6 |
| | | |||||
* | | Merge branch 'develop' into markjh/verify | Mark Haines | 2016-07-27 | 1 | -2/+9 |
|\ \ | | | | | | | | | | | | | Conflicts: synapse/crypto/keyring.py | ||||
| * \ | Merge pull request #955 from matrix-org/markjh/only_from2 | Mark Haines | 2016-07-27 | 1 | -2/+9 |
| |\ \ | | | | | | | | | Add a couple more checks to the keyring | ||||
| | * | | Add a couple more checks to the keyring | Mark Haines | 2016-07-26 | 1 | -2/+9 |
| | |/ | |||||
| * / | Fix a couple of bugs in the transaction and keyring code | Mark Haines | 2016-07-26 | 1 | -8/+9 |
| |/ | |||||
* / | Clean up verify_json_objects_for_server | Mark Haines | 2016-07-27 | 1 | -68/+75 |
|/ | |||||
* | Uncommit accidentally committed edit to cipher list | David Baker | 2016-05-10 | 1 | -1/+1 |
| | |||||
* | Pass through _get_event_txn | David Baker | 2016-05-10 | 1 | -1/+1 |
| | |||||
* | Make key client send a Host header | Erik Johnston | 2016-03-11 | 1 | -0/+3 |
| | |||||
* | Fix up logcontexts | Erik Johnston | 2016-02-08 | 1 | -37/+46 |
| | |||||
* | copyrights | Matthew Hodgson | 2016-01-07 | 5 | -5/+5 |
| | |||||
* | Actually look up required remote server key IDs | Paul "LeoNerd" Evans | 2015-12-18 | 1 | -1/+3 |
| | | | | | | set.union() is a side-effect-free function that returns the union of two sets. This clearly wanted .update(), which is the side-effecting mutator version. | ||||
* | Fix typo | Erik Johnston | 2015-11-20 | 1 | -1/+1 |
| | |||||
* | Don't limit connections to perspective servers | Erik Johnston | 2015-11-20 | 1 | -21/+17 |
| | |||||
* | Fix bug where we sometimes didn't fetch all the keys requested for a | Erik Johnston | 2015-09-17 | 1 | -4/+3 |
| | | | | server. | ||||
* | Merge pull request #272 from matrix-org/daniel/insecureclient | Daniel Wagner-Hall | 2015-09-15 | 1 | -2/+2 |
|\ | | | | | Allow configuration to ignore invalid SSL certs | ||||
| * | Allow configuration to ignore invalid SSL certs | Daniel Wagner-Hall | 2015-09-09 | 1 | -2/+2 |
| | | | | | | | | | | This will be useful for sytest, and sytest only, hence the aggressive config key name. | ||||
* | | Various bug fixes to crypto.keyring | Erik Johnston | 2015-09-09 | 1 | -10/+17 |
|/ | |||||
* | Remove syutil dependency in favour of smaller single-purpose libraries | Mark Haines | 2015-08-24 | 2 | -13/+14 |
| | |||||
* | Merge pull request #194 from matrix-org/erikj/bulk_verify_sigs | Erik Johnston | 2015-07-10 | 1 | -131/+342 |
|\ | | | | | Implement bulk verify_signed_json API | ||||
| * | Wait for previous attempts at fetching keys for a given server before trying ↵ | Erik Johnston | 2015-06-26 | 1 | -15/+68 |
| | | | | | | | | to fetch more | ||||
| * | Implement bulk verify_signed_json API | Erik Johnston | 2015-06-26 | 1 | -134/+292 |
| | | |||||
* | | remove the tls_certificate_chain_path param and simply support ↵ | Matthew Hodgson | 2015-07-09 | 1 | -3/+1 |
| | | | | | | | | tls_certificate_path pointing to a file containing a chain of certificates | ||||
* | | oops, context.tls_certificate_chain_file() expects a file, not a certificate. | Matthew Hodgson | 2015-07-08 | 1 | -2/+2 |
| | | |||||
* | | typo | Matthew Hodgson | 2015-07-08 | 1 | -1/+1 |
| | | |||||
* | | add new optional config for tls_certificate_chain_path for folks with ↵ | Matthew Hodgson | 2015-07-08 | 1 | -0/+2 |
|/ | | | | intermediary SSL certs | ||||
* | Handle the case when things return empty but non none things | Erik Johnston | 2015-05-19 | 1 | -2/+2 |
| | |||||
* | Don't always hit get_server_verify_key_v1_direct | Erik Johnston | 2015-05-19 | 1 | -5/+10 |
| | |||||
* | SYN-383: Actually, we expect this value to be a dict | Erik Johnston | 2015-05-19 | 1 | -1/+2 |
| | |||||
* | SYN-383: Handle the fact the server might not have signed things | Erik Johnston | 2015-05-19 | 1 | -1/+1 |
| | |||||
* | Don't reuse var names | Erik Johnston | 2015-05-19 | 1 | -2/+2 |
| | |||||
* | SYN-383: Fix parsing of verify_keys and catching of _DefGen_Return | Erik Johnston | 2015-05-19 | 1 | -18/+18 |
| | |||||
* | SYN-383: Extract the response list from 'server_keys' in the response JSON ↵ | Mark Haines | 2015-05-19 | 1 | -1/+3 |
| | | | | as it might work better than iterating over the top level dict | ||||
* | Merge pull request #143 from matrix-org/erikj/SYN-375 | Mark Haines | 2015-05-12 | 1 | -2/+6 |
|\ | | | | | SYN-375 - Lots of unhandled deferred exceptions. | ||||
| * | Change the way we create observers to deferreds so that we don't get spammed ↵ | Erik Johnston | 2015-05-08 | 1 | -2/+6 |
| | | | | | | | | by 'unhandled errors' | ||||
* | | Change the way we do logging contexts so that they survive divergences | Erik Johnston | 2015-05-08 | 1 | -6/+11 |
|/ | |||||
* | Use a defer.gatherResults to collect results from the perspective servers | Mark Haines | 2015-04-29 | 1 | -11/+21 |
| | |||||
* | Update the query format used by keyring to match current key v2 spec | Mark Haines | 2015-04-29 | 1 | -1/+12 |
| | |||||
* | Implement minimum_valid_until_ts in the remote key resource | Mark Haines | 2015-04-29 | 1 | -0/+1 |
| | |||||
* | Merge branch 'develop' into key_distribution | Mark Haines | 2015-04-27 | 1 | -0/+20 |
|\ | | | | | | | | | Conflicts: synapse/crypto/keyring.py | ||||
| * | Fix newlines | Erik Johnston | 2015-04-27 | 1 | -2/+1 |
| | | |||||
| * | Pull inner function out. | Erik Johnston | 2015-04-27 | 1 | -76/+77 |
| | | |||||
| * | Implement locks using create_observer for fetching media and server keys | Erik Johnston | 2015-04-27 | 1 | -59/+79 |
| | | |||||
* | | Add config for setting the perspective servers | Mark Haines | 2015-04-24 | 1 | -1/+5 |
| | | |||||
* | | Update to match the specification for key/v2 | Mark Haines | 2015-04-23 | 1 | -2/+2 |
| | | |||||
* | | Implement remote key lookup api | Mark Haines | 2015-04-22 | 2 | -38/+43 |
| | | |||||
* | | Implement v2 key lookup | Mark Haines | 2015-04-20 | 1 | -17/+251 |
| | | |||||
* | | Fail quicker for 4xx responses in the key client, optionally hit a different ↵ | Mark Haines | 2015-04-15 | 1 | -6/+31 |
|/ | | | | API path | ||||
* | Don't look for a TLS private key if we have set --no-tls | Erik Johnston | 2015-03-06 | 1 | -1/+4 |
| | |||||
* | Log error message when we fail to fetch remote server keys | Erik Johnston | 2015-03-05 | 1 | -2/+11 |
| | |||||
* | Try to only back off if we think we failed to connect to the remote | Erik Johnston | 2015-02-17 | 1 | -54/+54 |
| | |||||
* | Add per server retry limiting. | Erik Johnston | 2015-02-17 | 1 | -15/+7 |
| | | | | | Factor out the pre destination retry logic from TransactionQueue so it can be reused in both get_pdu and crypto.keyring | ||||
* | Rate limit retries when fetching server keys. | Erik Johnston | 2015-02-17 | 1 | -55/+71 |
| | |||||
* | Bluntly replace json with simplejson | Erik Johnston | 2015-02-11 | 1 | -1/+1 |
| | |||||
* | Fix code-style | Mark Haines | 2015-02-10 | 1 | -2/+2 |
| | |||||
* | Fix bug in timeout handling in keyclient | Erik Johnston | 2015-01-30 | 1 | -3/+4 |
| | |||||
* | Update copyright notices | Mark Haines | 2015-01-06 | 5 | -5/+5 |
| | |||||
* | Try and figure out how and why signatures are being changed. | Erik Johnston | 2014-12-10 | 1 | -1/+2 |
| | |||||
* | More bug fixes | Erik Johnston | 2014-12-08 | 1 | -1/+1 |
| | |||||
* | Convert rest and handlers to use new event structure | Erik Johnston | 2014-12-04 | 1 | -1/+1 |
| | |||||
* | WIP for new way of managing events. | Erik Johnston | 2014-12-03 | 1 | -18/+21 |
| | |||||
* | Merge branch 'develop' into http_client_refactor | David Baker | 2014-11-20 | 2 | -3/+3 |
|\ | |||||
| * | Use module loggers rather than the root logger. Exceptions caused by bad ↵ | Mark Haines | 2014-11-20 | 1 | -1/+1 |
| | | | | | | | | clients shouldn't cause ERROR level logging. Fix sql logging to use 'repr' rather than 'str' | ||||
| * | Add a few missing yields, Move deferred lists inside PreserveLoggingContext ↵ | Mark Haines | 2014-11-20 | 1 | -2/+2 |
| | | | | | | | | because they don't interact well with the logging contexts | ||||
* | | Separate out the matrix http client completely because just about all of its ↵ | David Baker | 2014-11-20 | 1 | -3/+3 |
|/ | | | | code is now separate from the simple case we need for standard HTTP(S) | ||||
* | Merge PDUs and Events into one object | Mark Haines | 2014-11-14 | 1 | -12/+3 |
| | |||||
* | Fix PDU and event signatures | Mark Haines | 2014-11-14 | 1 | -1/+10 |
| | |||||
* | Validate signatures on incoming events | Mark Haines | 2014-11-14 | 1 | -4/+14 |
| | |||||
* | Merge branch 'develop' into request_logging | Mark Haines | 2014-11-14 | 1 | -0/+98 |
|\ | | | | | | | | | | | | | Conflicts: setup.py synapse/storage/_base.py synapse/util/async.py | ||||
| * | Tidy up some of the unused sql tables | Erik Johnston | 2014-11-10 | 1 | -2/+0 |
| | | |||||
| * | Finish redaction algorithm. | Erik Johnston | 2014-11-10 | 1 | -5/+2 |
| | | |||||
| * | Add hash of current state to events | Erik Johnston | 2014-11-07 | 1 | -1/+10 |
| | | |||||
| * | Fix bugs in generating event signatures and hashing | Erik Johnston | 2014-11-03 | 1 | -62/+38 |
| | | |||||
| * | Don't assume event has hashes key already | Erik Johnston | 2014-11-03 | 1 | -0/+2 |
| | | |||||
| * | Sign events | Erik Johnston | 2014-10-31 | 1 | -0/+20 |
| | | |||||
| * | Make prev_event signing work again. | Erik Johnston | 2014-10-31 | 1 | -1/+12 |
| | | |||||
| * | Merge branch 'develop' of github.com:matrix-org/synapse into ↵ | Erik Johnston | 2014-10-30 | 4 | -5/+3 |
| |\ | | | | | | | | | | federation_authorization | ||||
| * | | fix pyflakes warnings | Mark Haines | 2014-10-27 | 1 | -4/+4 |
| | | | |||||
| * | | Merge branch 'develop' into event_signing | Mark Haines | 2014-10-27 | 3 | -2/+5 |
| |\ \ | |||||
| * | | | Remove signatures from pdu when computing hashes to use for prev pdus, make ↵ | Mark Haines | 2014-10-17 | 1 | -1/+5 |
| | | | | | | | | | | | | | | | | sure is_state is a boolean. | ||||
| * | | | Rename 'meta' to 'unsigned' | Mark Haines | 2014-10-17 | 1 | -1/+3 |
| | | | | |||||
| * | | | Hash the same content covered by the signature when referencing previous ↵ | Mark Haines | 2014-10-17 | 1 | -5/+14 |
| | | | | | | | | | | | | | | | | PDUs rather than reusing the PDU content hashes | ||||
| * | | | Sign outgoing PDUs. | Mark Haines | 2014-10-16 | 1 | -2/+2 |
| | | | | |||||
| * | | | persist hashes and origin signatures for PDUs | Mark Haines | 2014-10-15 | 1 | -0/+70 |
| | | | | |||||
* | | | | Merge branch 'develop' into request_logging | Mark Haines | 2014-10-30 | 4 | -5/+3 |
|\ \ \ \ | | |_|/ | |/| | | | | | | | | | | Conflicts: synapse/config/logger.py | ||||
| * | | | Fix pep8 warnings | Mark Haines | 2014-10-30 | 4 | -5/+3 |
| | |/ | |/| | |||||
* / | | Add a request-id to each log line | Mark Haines | 2014-10-30 | 1 | -4/+6 |
|/ / | |||||
* | | Fix pyflakes warnings | Mark Haines | 2014-10-27 | 1 | -1/+0 |
| | | |||||
* | | Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 ↵ | Mark Haines | 2014-10-24 | 1 | -1/+4 |
| | | | | | | | | doesn't seem to have ECC | ||||
* | | add log line for checking verifying signatures | Mark Haines | 2014-10-17 | 1 | -0/+1 |
|/ | |||||
* | Better response message when signature is missing or unsupported | Mark Haines | 2014-10-13 | 1 | -1/+1 |
| | |||||
* | Respond with more helpful error messages for unsigned requests | Mark Haines | 2014-10-13 | 2 | -4/+33 |
| | |||||
* | SYN-75 Verify signatures on server to server transactions | Mark Haines | 2014-09-30 | 4 | -172/+154 |
| | |||||
* | Add a _matrix/key/v1 resource with the verification keys of the local server | Mark Haines | 2014-09-23 | 1 | -161/+0 |
| | |||||
* | fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵ | Matthew Hodgson | 2014-09-03 | 6 | -6/+6 |
| | | | | hasn't been incorporated in time for launch. | ||||
* | Add copyright notices and fix pyflakes errors | Mark Haines | 2014-09-03 | 1 | -1/+15 |
| |