mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-21 12:14:29 +03:00
fix domain whitelist
This commit is contained in:
parent
999f7db6b0
commit
507cdf2b6f
4 changed files with 11 additions and 15 deletions
|
@ -259,24 +259,17 @@ listeners:
|
|||
|
||||
# Whether to verify TLS certificates when sending federation traffic.
|
||||
#
|
||||
# This currently defaults to `false`, however this will change in
|
||||
# Synapse 1.0 when valid federation certificates will be required.
|
||||
#
|
||||
#federation_verify_certificates: true
|
||||
|
||||
# Skip federation certificate validation on the following whitelist of
|
||||
# domains.
|
||||
#
|
||||
# Note that this should only be used within the context of private
|
||||
# federation as it will otherwise break things.
|
||||
#
|
||||
# Only effective if federation_verify_certicates is `true`.
|
||||
# Prevent federation certificate validation on the following whitelist
|
||||
# of domains. Only effective if federation_verify_certicates is true.
|
||||
#
|
||||
#federation_certificate_validation_whitelist:
|
||||
# - lon.example.com
|
||||
# - nyc.example.com
|
||||
# - syd.example.com
|
||||
|
||||
|
||||
# List of custom certificate authorities for federation traffic.
|
||||
#
|
||||
# Note that this list will replace those that are provided by your
|
||||
|
|
|
@ -111,10 +111,14 @@ class ServerConfig(Config):
|
|||
self.admin_contact = config.get("admin_contact", None)
|
||||
|
||||
# FIXME: federation_domain_whitelist needs sytests
|
||||
self.federation_domain_whitelist = {}
|
||||
federation_domain_whitelist = config.get(
|
||||
"federation_domain_whitelist", [],
|
||||
)
|
||||
|
||||
self.federation_domain_whitelist = None
|
||||
if len(federation_domain_whitelist) > 0:
|
||||
self.federation_domain_whitelist = {}
|
||||
|
||||
# turn the whitelist into a hash for speed of lookup
|
||||
for domain in federation_domain_whitelist:
|
||||
self.federation_domain_whitelist[domain] = True
|
||||
|
|
|
@ -242,15 +242,15 @@ class TlsConfig(Config):
|
|||
#
|
||||
#federation_verify_certificates: true
|
||||
|
||||
# Skip federation certificate validation on the following whitelist of
|
||||
# domains.
|
||||
# Skip federation certificate verification on the following whitelist
|
||||
# of domains.
|
||||
#
|
||||
# Note that this should only be used within the context of private
|
||||
# federation as it will otherwise break things.
|
||||
#
|
||||
# Only effective if federation_verify_certicates is `true`.
|
||||
#
|
||||
#federation_certificate_validation_whitelist:
|
||||
#federation_certificate_verification_whitelist:
|
||||
# - lon.example.com
|
||||
# - nyc.example.com
|
||||
# - syd.example.com
|
||||
|
|
|
@ -131,7 +131,6 @@ class ClientTLSOptionsFactory(object):
|
|||
|
||||
def __init__(self, config):
|
||||
self._config = config
|
||||
|
||||
self._options_noverify = CertificateOptions()
|
||||
|
||||
# Check if we're using a custom list of a CA certificates
|
||||
|
|
Loading…
Reference in a new issue