mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2024-12-21 12:14:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

Address changes

Browse source
This commit is contained in:
Andrew Morgan 2019-04-04 15:47:12 +01:00
parent e337c2d9db
commit 433db40f6e
3 changed files with 7 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
synapse/config/tls.py
View file

@ -81,11 +81,8 @@ class TlsConfig(Config):
"federation_certificate_verification_whitelist", [], "federation_certificate_verification_whitelist", [],
) )
self.federation_certificate_verification_whitelist = None
if len(federation_certificate_verification_whitelist) > 0:
self.federation_certificate_verification_whitelist = {}
# Store whitelisted domains in a hash for fast lookup # Store whitelisted domains in a hash for fast lookup
self.federation_certificate_verification_whitelist = {}
for domain in federation_certificate_verification_whitelist: for domain in federation_certificate_verification_whitelist:
self.federation_certificate_verification_whitelist[domain] = True self.federation_certificate_verification_whitelist[domain] = True

13
synapse/crypto/context_factory.py
View file

@ -142,13 +142,12 @@ class ClientTLSOptionsFactory(object):
# Use _makeContext so that we get a fresh OpenSSL CTX each time. # Use _makeContext so that we get a fresh OpenSSL CTX each time.
# Check if certificate verification has been enabled # Check if certificate verification has been enabled
if (self._config.federation_verify_certificates): should_verify = self._config.federation_verify_certificates
# and if the host is whitelisted against it
if (self._config.federation_certificate_verification_whitelist and
host in self._config.federation_certificate_verification_whitelist):
return ClientTLSOptionsNoVerify(host, self._options_noverify._makeContext())
# Check if we've disabled certificate verification for this host
if should_verify and host in self._config.federation_certificate_verification_whitelist:
should_verify = False
if should_verify:
return ClientTLSOptions(host, self._options_verify._makeContext()) return ClientTLSOptions(host, self._options_verify._makeContext())
# Otherwise don't require verification
return ClientTLSOptionsNoVerify(host, self._options_noverify._makeContext()) return ClientTLSOptionsNoVerify(host, self._options_noverify._makeContext())

3
tests/utils.py
View file

@ -137,9 +137,6 @@ def default_config(name):
config.email_enable_notifs = False config.email_enable_notifs = False
config.block_non_admin_invites = False config.block_non_admin_invites = False
config.federation_domain_whitelist = None config.federation_domain_whitelist = None
config.federation_certificate_verification_whitelist = None
config.federation_custom_ca_list = None
config.federation_verify_certificates = False
config.federation_rc_reject_limit = 10 config.federation_rc_reject_limit = 10
config.federation_rc_sleep_limit = 10 config.federation_rc_sleep_limit = 10
config.federation_rc_sleep_delay = 100 config.federation_rc_sleep_delay = 100