summary refs log tree commit diff
path: root/tests/http/federation (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Support for routing outbound HTTP requests via a proxy (#6239)Richard van der Hoff2019-11-011-3/+8
| | | | | | | | | | | | | | | | | | | | The `http_proxy` and `HTTPS_PROXY` env vars can be set to a `host[:port]` value which should point to a proxy. The address of the proxy should be excluded from IP blacklists such as the `url_preview_ip_range_blacklist`. The proxy will then be used for * push * url previews * phone-home stats * recaptcha validation * CAS auth validation It will *not* be used for: * Application Services * Identity servers * Outbound federation * In worker configurations, connections from workers to masters Fixes #4198.
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-08-221-35/+48
|\ | | | | | | erikj/reliable_lookups
| * Change jitter to be a factor rather than absolute valueErik Johnston2019-08-201-2/+2
| |
| * Retry well known on fail.Erik Johnston2019-08-151-33/+46
| | | | | | | | | | | | If we have recently seen a valid well-known for a domain we want to retry on (non-final) errors a few times, to handle temporary blips in networking/etc.
* | Remove test debugsErik Johnston2019-08-201-1/+0
| |
* | Refactor MatrixFederationAgent to retry SRV.Erik Johnston2019-08-152-5/+66
|/ | | | | | | | This refactors MatrixFederationAgent to move the SRV lookup into the endpoint code, this has two benefits: 1. Its easier to retry different host/ports in the same way as HostnameEndpoint. 2. We avoid SRV lookups if we have a free connection in the pool
* Retry well-known lookup before expiry.Erik Johnston2019-08-131-0/+69
| | | | | | | | | This gives a bit of a grace period where we can attempt to refetch a remote `well-known`, while still using the cached result if that fails. Hopefully this will make the well-known resolution a bit more torelant of failures, rather than it immediately treating failures as "no result" and caching that for an hour.
* Move well known lookup into a separate clasErik Johnston2019-08-071-20/+19
|
* Add a lower bound for TTL on well known results.Erik Johnston2019-08-061-2/+2
| | | | | | | It costs both us and the remote server for us to fetch the well known for every single request we send, so we add a minimum cache period. This is set to 5m so that we still honour the basic premise of "refetch frequently".
* Share SSL options for well-known requestsErik Johnston2019-07-311-6/+6
|
* Replace returnValue with return (#5736)Amber Brown2019-07-232-3/+3
|
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-042-2/+2
|
* Pass config_dir_path and data_dir_path into Config.read_config. (#5522)Richard van der Hoff2019-06-241-1/+1
| | | | | | * Pull config_dir_path and data_dir_path calculation out of read_config_files * Pass config_dir_path and data_dir_path into read_config
* Run Black. (#5482)Amber Brown2019-06-202-109/+109
|
* Tests for SSL certs for federation connectionsRichard van der Hoff2019-06-101-10/+159
| | | | Add some tests for bad certificates for federation and .well-known connections
* Stop hardcoding trust of old matrix.org key (#5374)Richard van der Hoff2019-06-061-0/+1
| | | | | | | | | | | | | | | | | There are a few changes going on here: * We make checking the signature on a key server response optional: if no verify_keys are specified, we trust to TLS to validate the connection. * We change the default config so that it does not require responses to be signed by the old key. * We replace the old 'perspectives' config with 'trusted_key_servers', which is also formatted slightly differently. * We emit a warning to the logs every time we trust a key server response signed by the old key.
* Validate federation server TLS certificates by default.Richard van der Hoff2019-06-051-3/+9
|
* Migrate all tests to use the dict-based config format instead of hanging ↵Amber Brown2019-05-131-1/+3
| | | | items off HomeserverConfig (#5171)
* Run Black on the tests again (#5170)Amber Brown2019-05-102-148/+100
|
* Config option for verifying federation certificates (MSC 1711) (#4967)Andrew Morgan2019-04-251-1/+2
|
* Treat an invalid .well-known the same as an absent oneRichard van der Hoff2019-02-011-11/+70
| | | | ... basically, carry on and fall back to SRV etc.
* Update federation routing logic to check .well-known before SRVRichard van der Hoff2019-01-311-30/+21
|
* Follow redirects on .well-known (#4520)Richard van der Hoff2019-01-301-0/+97
|
* Add a caching layer to .well-known responses (#4516)Richard van der Hoff2019-01-301-4/+146
|
* Relax requirement for a content-type on .well-known (#4511)Richard van der Hoff2019-01-291-1/+0
|
* Implement MSC1708 (.well-known lookups for server routing) (#4489)Richard van der Hoff2019-01-291-7/+216
|
* Use SimpleResolverComplexifier in tests (#4497)Richard van der Hoff2019-01-291-4/+3
| | | | | two reasons for this. One, it saves a bunch of boilerplate. Two, it squashes unicode to IDNA-in-a-`str` (even on python 3) in a way that it turns out we rely on to give consistent behaviour between python 2 and 3.
* Handle IP literals explicitlyRichard van der Hoff2019-01-281-17/+2
| | | | We don't want to be doing .well-known lookups on these guys.
* Fix idna and ipv6 literal handling in MatrixFederationAgent (#4487)Richard van der Hoff2019-01-281-1/+180
| | | | | | | | | | | | | | | | Turns out that the library does a better job of parsing URIs than our reinvented wheel. Who knew. There are two things going on here. The first is that, unlike parse_server_name, URI.fromBytes will strip off square brackets from IPv6 literals, which means that it is valid input to ClientTLSOptionsFactory and HostnameEndpoint. The second is that we stay in `bytes` throughout (except for the argument to ClientTLSOptionsFactory), which avoids the weirdness of (sometimes) ending up with idna-encoded values being held in `unicode` variables. TBH it probably would have been ok but it made the tests fragile.
* Fix Host header sent by MatrixFederationAgent (#4468)Richard van der Hoff2019-01-251-0/+16
| | | | | | Move the Host header logic down here so that (a) it is used if we reuse the agent elsewhere, and (b) we can mess about with it with .well-known.
* Look up the right SRV recordRichard van der Hoff2019-01-241-3/+9
|
* lots more tests for MatrixFederationAgentRichard van der Hoff2019-01-241-10/+79
|
* Don't send IP addresses as SNI (#4452)Richard van der Hoff2019-01-241-3/+60
| | | | | | The problem here is that we have cut-and-pasted an impl from Twisted, and then failed to maintain it. It was fixed in Twisted in https://github.com/twisted/twisted/pull/1047/files; let's do the same here.
* Add a test for MatrixFederationAgentRichard van der Hoff2019-01-221-0/+183
|
* put resolve_service in an objectRichard van der Hoff2019-01-221-20/+18
| | | | this makes it easier to stub things out for tests.
* Require that service_name be a byte stringRichard van der Hoff2019-01-221-4/+4
| | | | it is only ever a bytes now, so let's enforce that.
* Refactor and bugfix for resove_service (#4427)Richard van der Hoff2019-01-222-0/+223