Andrew Morgan 2019-04-01 15:01:10 +01:00
parent 2325928149
commit 0ce5b5bcfe
2 changed files with 4 additions and 5 deletions


@ -111,7 +111,7 @@ class TlsConfig(Config):
except Exception:
logger.exception("Failed to parse custom CA certificate off disk!")
raise
self.federation_custom_ca_list = trustRootFromCertificates(certs)
# This config option applies to non-federation HTTP clients


@ -127,7 +127,6 @@ class ClientTLSOptionsFactory(object):
to remote servers for federation."""
def __init__(self, config):
# We don't use config options yet
self._options_validate = CertificateOptions(
# This option implies verify=True
trustRoot=config.federation_custom_ca_list,
@ -137,11 +136,11 @@ class ClientTLSOptionsFactory(object):
def get_options(self, host, config):
# Use _makeContext so that we get a fresh OpenSSL CTX each time.
# Check if certificate validation has been enabled
# Check if certificate verification has been enabled
if (config.federation_verify_certificates and
host not in config.federation_certificate_validation_whitelist):
# Require validation
# Require verification
return ClientTLSOptions(host, self._options_validate._makeContext())
# Otherwise don't require validation
# Otherwise don't require verification
return ClientTLSOptions(host, self._options_novalidate._makeContext())
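Review bot: The final `return ClientTLSOptions(host, self._options_novalidate._makeContext())` in `get_options` gives out an unverified TLS context without recording it, so a federation connection that skipped certificate verification (globally disabled, or host on the whitelist) looks the same as a verified one when the logs are audited afterwards. A log line before that return, for example `logger.debug("Skipping TLS certificate verification for %s", host)`, would make the exemption visible; this assumes the module has a `logger`, which the page does not show. The comments now say "verification" while `_options_validate`, `_options_novalidate` and `federation_certificate_validation_whitelist` still say "validation", so a short comment noting that the two terms mean the same thing here would help until the names are aligned. In the first hunk of this file, `# We don't use config options yet` looks stale, since the statement right after it reads `config.federation_custom_ca_list`.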