consolidate logic
parent
da23aa26c5
commit
2325928149
1 changed files with 19 additions and 24 deletions
|
@ -88,36 +88,31 @@ class TlsConfig(Config):
|
||||||
for domain in federation_certificate_verification_whitelist:
|
for domain in federation_certificate_verification_whitelist:
|
||||||
self.federation_certificate_verification_whitelist[domain] = True
|
self.federation_certificate_verification_whitelist[domain] = True
|
||||||
|
|
||||||
# List of custom certificate authorities for TLS verification
|
# List of custom certificate authorities for federation traffic validation
|
||||||
self.federation_custom_ca_list = config.get(
|
self.federation_custom_ca_list = config.get(
|
||||||
"federation_custom_ca_list", [],
|
"federation_custom_ca_list", [],
|
||||||
)
|
)
|
||||||
|
|
||||||
# Read in the CA certificates
|
# Read in and parse custom CA certificates
|
||||||
cert_contents = []
|
|
||||||
try:
|
|
||||||
for ca_file in self.federation_custom_ca_list:
|
|
||||||
logger.debug("Reading custom CA certificate file: %s", ca_file)
|
|
||||||
with open(ca_file, 'rb') as f:
|
|
||||||
cert_contents.append(f.read())
|
|
||||||
except Exception:
|
|
||||||
logger.exception("Failed to read custom CA certificate off disk!")
|
|
||||||
raise
|
|
||||||
|
|
||||||
# Parse the CA certificates
|
|
||||||
certs = []
|
certs = []
|
||||||
try:
|
for ca_file in self.federation_custom_ca_list:
|
||||||
for content in cert_contents:
|
logger.debug("Reading custom CA certificate file: %s", ca_file)
|
||||||
logger.debug("Parsing custom CA certificate file: %s", ca_file)
|
try:
|
||||||
cert_base = Certificate.loadPEM(cert_contents)
|
with open(ca_file, 'rb') as f:
|
||||||
|
content = f.read()
|
||||||
|
except Exception:
|
||||||
|
logger.exception("Failed to read custom CA certificate off disk!")
|
||||||
|
raise
|
||||||
|
|
||||||
|
# Parse the CA certificates
|
||||||
|
try:
|
||||||
|
cert_base = Certificate.loadPEM(content)
|
||||||
certs.append(cert_base)
|
certs.append(cert_base)
|
||||||
|
except Exception:
|
||||||
trust_root = trustRootFromCertificates(certs)
|
logger.exception("Failed to parse custom CA certificate off disk!")
|
||||||
except Exception:
|
raise
|
||||||
logger.exception("Failed to parse custom CA certificate off disk!")
|
|
||||||
raise
|
self.federation_custom_ca_list = trustRootFromCertificates(certs)
|
||||||
|
|
||||||
self.federation_custom_ca_list = trust_root
|
|
||||||
|
|
||||||
# This config option applies to non-federation HTTP clients
|
# This config option applies to non-federation HTTP clients
|
||||||
# (e.g. for talking to recaptcha, identity servers, and such)
|
# (e.g. for talking to recaptcha, identity servers, and such)
|
||||||
|
|
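Review bot: The final assignment `self.federation_custom_ca_list = trustRootFromCertificates(certs)` runs even when the option is unset, so with the default `[]` it builds a trust root that contains no CA at all; if the federation TLS verifier uses that object as-is (the consumer is not in this hunk), every remote certificate would fail validation instead of falling back to the platform trust store. Build the trust root only when certificates were actually loaded and keep it apart from the configured path list, for example `self.federation_ca_trust_root = trustRootFromCertificates(certs) if certs else None`, so the attribute no longer changes from a list of file names to a trust-root object partway through the method. The two `logger.exception` calls also leave out which file failed; passing `ca_file` into the message (`"Failed to read custom CA certificate %s"`) would make a bad path or malformed PEM quick to locate. The enclosing method of `TlsConfig` starts and ends outside the hunk.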