From 507cdf2b6f00317e88a76809511239766b5656b9 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrew@amorgan.xyz>
Date: Wed, 3 Apr 2019 11:57:09 +0100
Subject: fix domain whitelist

---
 synapse/config/server.py          | 6 +++++-
 synapse/config/tls.py             | 6 +++---
 synapse/crypto/context_factory.py | 1 -
 3 files changed, 8 insertions(+), 5 deletions(-)

(limited to 'synapse')

diff --git a/synapse/config/server.py b/synapse/config/server.py
index aa2bb0d040..f55a71d508 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -111,10 +111,14 @@ class ServerConfig(Config):
         self.admin_contact = config.get("admin_contact", None)
 
         # FIXME: federation_domain_whitelist needs sytests
-        self.federation_domain_whitelist = {}
         federation_domain_whitelist = config.get(
             "federation_domain_whitelist", [],
         )
+
+        self.federation_domain_whitelist = None
+        if len(federation_domain_whitelist) > 0:
+            self.federation_domain_whitelist = {}
+
         # turn the whitelist into a hash for speed of lookup
         for domain in federation_domain_whitelist:
             self.federation_domain_whitelist[domain] = True
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 7dbf41887b..d157e310e4 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -242,15 +242,15 @@ class TlsConfig(Config):
         #
         #federation_verify_certificates: true
 
-        # Skip federation certificate validation on the following whitelist of
-        # domains.
+        # Skip federation certificate verification on the following whitelist
+        # of domains.
         #
         # Note that this should only be used within the context of private
         # federation as it will otherwise break things.
         #
         # Only effective if federation_verify_certicates is `true`.
         #
-        #federation_certificate_validation_whitelist:
+        #federation_certificate_verification_whitelist:
         #  - lon.example.com
         #  - nyc.example.com
         #  - syd.example.com
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index e2b5ce173b..1ee87cdd13 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -131,7 +131,6 @@ class ClientTLSOptionsFactory(object):
 
     def __init__(self, config):
         self._config = config
-
         self._options_noverify = CertificateOptions()
 
         # Check if we're using a custom list of a CA certificates
-- 
cgit 1.5.1