From 0ce5b5bcfe0481ac6865cc7aaec182c49e92b519 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Mon, 1 Apr 2019 15:01:10 +0100 Subject: [PATCH] words --- synapse/config/tls.py | 2 +- synapse/crypto/context_factory.py | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/synapse/config/tls.py b/synapse/config/tls.py index ed113ee833..63ee3386ed 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -111,7 +111,7 @@ class TlsConfig(Config): except Exception: logger.exception("Failed to parse custom CA certificate off disk!") raise - + self.federation_custom_ca_list = trustRootFromCertificates(certs) # This config option applies to non-federation HTTP clients diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py index 2c2bfa3a89..bfdcd23959 100644 --- a/synapse/crypto/context_factory.py +++ b/synapse/crypto/context_factory.py @@ -127,7 +127,6 @@ class ClientTLSOptionsFactory(object): to remote servers for federation.""" def __init__(self, config): - # We don't use config options yet self._options_validate = CertificateOptions( # This option implies verify=True trustRoot=config.federation_custom_ca_list, @@ -137,11 +136,11 @@ class ClientTLSOptionsFactory(object): def get_options(self, host, config): # Use _makeContext so that we get a fresh OpenSSL CTX each time. - # Check if certificate validation has been enabled + # Check if certificate verification has been enabled if (config.federation_verify_certificates and host not in config.federation_certificate_validation_whitelist): - # Require validation + # Require verification return ClientTLSOptions(host, self._options_validate._makeContext()) - # Otherwise don't require validation + # Otherwise don't require verification return ClientTLSOptions(host, self._options_novalidate._makeContext())