Merge branch 'develop' of github.com:matrix-org/synapse into erikj/receipts
commit
4019b48aaa
|
@ -27,6 +27,7 @@ class TlsConfig(Config):
|
||||||
self.tls_certificate = self.read_tls_certificate(
|
self.tls_certificate = self.read_tls_certificate(
|
||||||
config.get("tls_certificate_path")
|
config.get("tls_certificate_path")
|
||||||
)
|
)
|
||||||
|
self.tls_certificate_file = config.get("tls_certificate_path")
|
||||||
|
|
||||||
self.no_tls = config.get("no_tls", False)
|
self.no_tls = config.get("no_tls", False)
|
||||||
|
|
||||||
|
@ -49,7 +50,11 @@ class TlsConfig(Config):
|
||||||
tls_dh_params_path = base_key_name + ".tls.dh"
|
tls_dh_params_path = base_key_name + ".tls.dh"
|
||||||
|
|
||||||
return """\
|
return """\
|
||||||
# PEM encoded X509 certificate for TLS
|
# PEM encoded X509 certificate for TLS.
|
||||||
|
# You can replace the self-signed certificate that synapse
|
||||||
|
# autogenerates on launch with your own SSL certificate + key pair
|
||||||
|
# if you like. Any required intermediary certificates can be
|
||||||
|
# appended after the primary certificate in hierarchical order.
|
||||||
tls_certificate_path: "%(tls_certificate_path)s"
|
tls_certificate_path: "%(tls_certificate_path)s"
|
||||||
|
|
||||||
# PEM encoded private key for TLS
|
# PEM encoded private key for TLS
|
||||||
|
|
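Review bot: The new `self.tls_certificate_file = config.get("tls_certificate_path")` line in the first hunk has no comment explaining why the raw path is kept next to the already-parsed `self.tls_certificate`, and nothing tells a reader that the same file is read a second time when the TLS context is built. A one-line comment would cover it: `# Path is kept so the TLS context can load the full chain (certificate plus intermediates) from the file`. In the second hunk, the sample-config text says "hierarchical order" without saying which end comes first; wording such as `# appended after the primary certificate, each one followed by the certificate that signed it.` would leave operators no room to get the order wrong. Both enclosing methods start and end outside the hunks shown.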
|
@ -35,9 +35,9 @@ class ServerContextFactory(ssl.ContextFactory):
|
||||||
_ecCurve = _OpenSSLECCurve(_defaultCurveName)
|
_ecCurve = _OpenSSLECCurve(_defaultCurveName)
|
||||||
_ecCurve.addECKeyToContext(context)
|
_ecCurve.addECKeyToContext(context)
|
||||||
except:
|
except:
|
||||||
logger.exception("Failed to enable eliptic curve for TLS")
|
logger.exception("Failed to enable elliptic curve for TLS")
|
||||||
context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
|
context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
|
||||||
context.use_certificate(config.tls_certificate)
|
context.use_certificate_chain_file(config.tls_certificate_file)
|
||||||
|
|
||||||
if not config.no_tls:
|
if not config.no_tls:
|
||||||
context.use_privatekey(config.tls_private_key)
|
context.use_privatekey(config.tls_private_key)
|
||||||
|
|
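Review bot: `context.use_certificate_chain_file(config.tls_certificate_file)` makes OpenSSL read the certificate from disk a second time, while `config.tls_certificate` still holds the copy parsed when the config was loaded. If the file is replaced, or a relative path resolves differently between the two reads, the served chain and anything still derived from `config.tls_certificate` can disagree; whether other code relies on the parsed copy is not visible in this hunk. The call also appears before the `if not config.no_tls:` check (indentation is lost in this view, so this is inferred from line order), which would mean an unreadable file fails context setup even when TLS is disabled. Consider storing an absolute path at config time and moving the call under the guard, `if not config.no_tls: context.use_certificate_chain_file(config.tls_certificate_file)`. The enclosing function starts and ends outside the hunk.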