Merge pull request #3907 from matrix-org/rav/set_sni_to_server_name

Set SNI to the server_name, not whatever was in the SRV record
Amber Brown 2018-09-19 17:59:33 +10:00 committed by GitHub
commit 3d6b24fb1b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 3 deletions

1
changelog.d/3907.bugfix Normal file

@ -0,0 +1 @@
Fix incorrect server-name indication for outgoing federation requests


@ -108,7 +108,7 @@ def matrix_federation_endpoint(reactor, destination, tls_client_options_factory=
Args: Args:
reactor: Twisted reactor. reactor: Twisted reactor.
destination (bytes): The name of the server to connect to. destination (unicode): The name of the server to connect to.
tls_client_options_factory tls_client_options_factory
(synapse.crypto.context_factory.ClientTLSOptionsFactory): (synapse.crypto.context_factory.ClientTLSOptionsFactory):
Factory which generates TLS options for client connections. Factory which generates TLS options for client connections.
@ -126,10 +126,17 @@ def matrix_federation_endpoint(reactor, destination, tls_client_options_factory=
transport_endpoint = HostnameEndpoint transport_endpoint = HostnameEndpoint
default_port = 8008 default_port = 8008
else: else:
# the SNI string should be the same as the Host header, minus the port.
# as per https://github.com/matrix-org/synapse/issues/2525#issuecomment-336896777,
# the Host header and SNI should therefore be the server_name of the remote
# server.
tls_options = tls_client_options_factory.get_options(domain)
def transport_endpoint(reactor, host, port, timeout): def transport_endpoint(reactor, host, port, timeout):
return wrapClientTLS( return wrapClientTLS(
tls_client_options_factory.get_options(host), tls_options,
HostnameEndpoint(reactor, host, port, timeout=timeout)) HostnameEndpoint(reactor, host, port, timeout=timeout),
)
default_port = 8448 default_port = 8448
if port is None: if port is None:
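Review bot: `tls_options = tls_client_options_factory.get_options(domain)` now sends the server_name as SNI, but nothing in this hunk excludes the case where `domain` is an IP literal, which the Matrix spec permits as a server_name and which RFC 6066 §3 forbids in the SNI extension (some TLS stacks may reject such a ClientHello). Whether `get_options` already omits SNI for IP literals cannot be seen here, so I would either guard it at the call site or record the assumption next to the call: `# NOTE: if domain is an IP literal, SNI must be omitted (RFC 6066 §3) — confirm get_options handles this`. The comment block above it also asserts that the Host header equals the server_name, which this hunk does not enforce; naming where the Host header is set would help keep the two in sync. `domain` is assigned before the hunk, so `matrix_federation_endpoint` starts outside this hunk.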