mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2024-12-21 12:14:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

Don't run validation code if validation is turned off

Browse source
This commit is contained in:
Andrew Morgan 2019-04-02 10:53:03 +01:00
parent ee0c7e1ab4
commit a7d7c5a060
3 changed files with 32 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
synapse/config/tls.py
View file

@ -90,10 +90,11 @@ class TlsConfig(Config):
# List of custom certificate authorities for federation traffic validation # List of custom certificate authorities for federation traffic validation
self.federation_custom_ca_list = config.get( self.federation_custom_ca_list = config.get(
"federation_custom_ca_list", [], "federation_custom_ca_list", None,
) )
# Read in and parse custom CA certificates # Read in and parse custom CA certificates
if self.federation_custom_ca_list is not None:
certs = [] certs = []
for ca_file in self.federation_custom_ca_list: for ca_file in self.federation_custom_ca_list:
logger.debug("Reading custom CA certificate file: %s", ca_file) logger.debug("Reading custom CA certificate file: %s", ca_file)
@ -112,6 +113,7 @@ class TlsConfig(Config):
logger.exception("Failed to parse custom CA certificate off disk!") logger.exception("Failed to parse custom CA certificate off disk!")
raise raise
if len(certs) > 0:
self.federation_custom_ca_list = trustRootFromCertificates(certs) self.federation_custom_ca_list = trustRootFromCertificates(certs)
# This config option applies to non-federation HTTP clients # This config option applies to non-federation HTTP clients

7
synapse/crypto/context_factory.py
View file

@ -128,10 +128,17 @@ class ClientTLSOptionsFactory(object):
def __init__(self, config): def __init__(self, config):
self._config = config self._config = config
# Check if we're using a custom list of a CA certificates
if config.federation_custom_ca_list is not None:
self._options_validate = CertificateOptions( self._options_validate = CertificateOptions(
# This option implies verify=True # This option implies verify=True
trustRoot=config.federation_custom_ca_list, trustRoot=config.federation_custom_ca_list,
) )
else:
# If not, verify using those provided by the operating environment
self._options_validate = CertificateOptions(verify=True)
self._options_novalidate = CertificateOptions(verify=False) self._options_novalidate = CertificateOptions(verify=False)
def get_options(self, host): def get_options(self, host):

2
tests/http/federation/test_matrix_federation_agent.py
View file

@ -53,7 +53,7 @@ class MatrixFederationAgentTests(TestCase):
self.agent = MatrixFederationAgent( self.agent = MatrixFederationAgent(
reactor=self.reactor, reactor=self.reactor,
tls_client_options_factory=ClientTLSOptionsFactory(None), tls_client_options_factory=ClientTLSOptionsFactory(#TODO How to deal with None config in tests???),
_well_known_tls_policy=TrustingTLSPolicyForHTTPS(), _well_known_tls_policy=TrustingTLSPolicyForHTTPS(),
_srv_resolver=self.mock_resolver, _srv_resolver=self.mock_resolver,
_well_known_cache=self.well_known_cache, _well_known_cache=self.well_known_cache,