From 64afbe6ccd19bb2ec94f3fbb3d91586202c924fd Mon Sep 17 00:00:00 2001
From: Matthew Hodgson <matthew@matrix.org>
Date: Wed, 8 Jul 2015 18:20:02 +0100
Subject: add new optional config for tls_certificate_chain_path for folks with
 intermediary SSL certs

---
 synapse/crypto/context_factory.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'synapse/crypto')

diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 2f8618a0df..ea5dd1e7d3 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -38,6 +38,8 @@ class ServerContextFactory(ssl.ContextFactory):
             logger.exception("Failed to enable eliptic curve for TLS")
         context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
         context.use_certificate(config.tls_certificate)
+        if config.tls_certificate_chain:
+            context.use_certificate_chain_file(config.tls_certificate_chain)
 
         if not config.no_tls:
             context.use_privatekey(config.tls_private_key)
-- 
cgit 1.5.1