diff --git a/synapse/http/client.py b/synapse/http/client.py index 3ec9bc7faf..ca2f770f5d 100644 --- a/synapse/http/client.py +++ b/synapse/http/client.py @@ -25,7 +25,7 @@ from synapse.http.endpoint import SpiderEndpoint from canonicaljson import encode_canonical_json from twisted.internet import defer, reactor, ssl, protocol, task -from twisted.internet.endpoints import SSL4ClientEndpoint, TCP4ClientEndpoint +from twisted.internet.endpoints import HostnameEndpoint, wrapClientTLS from twisted.web.client import ( BrowserLikeRedirectAgent, ContentDecoderAgent, GzipDecoder, Agent, readBody, PartialDownloadError, @@ -386,26 +386,23 @@ class SpiderEndpointFactory(object): def endpointForURI(self, uri): logger.info("Getting endpoint for %s", uri.toBytes()) + if uri.scheme == "http": - return SpiderEndpoint( - reactor, uri.host, uri.port, self.blacklist, self.whitelist, - endpoint=TCP4ClientEndpoint, - endpoint_kw_args={ - 'timeout': 15 - }, - ) + endpoint_factory = HostnameEndpoint elif uri.scheme == "https": - tlsPolicy = self.policyForHTTPS.creatorForNetloc(uri.host, uri.port) - return SpiderEndpoint( - reactor, uri.host, uri.port, self.blacklist, self.whitelist, - endpoint=SSL4ClientEndpoint, - endpoint_kw_args={ - 'sslContextFactory': tlsPolicy, - 'timeout': 15 - }, - ) + tlsCreator = self.policyForHTTPS.creatorForNetloc(uri.host, uri.port) + + def endpoint_factory(reactor, host, port, **kw): + return wrapClientTLS( + tlsCreator, + HostnameEndpoint(reactor, host, port, **kw)) else: logger.warn("Can't get endpoint for unrecognised scheme %s", uri.scheme) + return None + return SpiderEndpoint( + reactor, uri.host, uri.port, self.blacklist, self.whitelist, + endpoint=endpoint_factory, endpoint_kw_args=dict(timeout=15), + ) class SpiderHttpClient(SimpleHttpClient): diff --git a/synapse/http/endpoint.py b/synapse/http/endpoint.py index 442696d393..1c17a28406 100644 --- a/synapse/http/endpoint.py +++ b/synapse/http/endpoint.py @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from twisted.internet.endpoints import SSL4ClientEndpoint, TCP4ClientEndpoint +from twisted.internet.endpoints import HostnameEndpoint, wrapClientTLS from twisted.internet import defer from twisted.internet.error import ConnectError from twisted.names import client, dns @@ -58,11 +58,13 @@ def matrix_federation_endpoint(reactor, destination, ssl_context_factory=None, endpoint_kw_args.update(timeout=timeout) if ssl_context_factory is None: - transport_endpoint = TCP4ClientEndpoint + transport_endpoint = HostnameEndpoint default_port = 8008 else: - transport_endpoint = SSL4ClientEndpoint - endpoint_kw_args.update(sslContextFactory=ssl_context_factory) + def transport_endpoint(reactor, host, port, timeout): + return wrapClientTLS( + ssl_context_factory, + HostnameEndpoint(reactor, host, port, timeout=timeout)) default_port = 8448 if port is None: @@ -80,7 +82,7 @@ class SpiderEndpoint(object): Implements twisted.internet.interfaces.IStreamClientEndpoint. """ def __init__(self, reactor, host, port, blacklist, whitelist, - endpoint=TCP4ClientEndpoint, endpoint_kw_args={}): + endpoint=HostnameEndpoint, endpoint_kw_args={}): self.reactor = reactor self.host = host self.port = port @@ -118,7 +120,7 @@ class SRVClientEndpoint(object): """ def __init__(self, reactor, service, domain, protocol="tcp", - default_port=None, endpoint=TCP4ClientEndpoint, + default_port=None, endpoint=HostnameEndpoint, endpoint_kw_args={}): self.reactor = reactor self.service_name = "_%s._%s.%s" % (service, protocol, domain) diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py index 3742a25b37..7817b0cd91 100644 --- a/synapse/python_dependencies.py +++ b/synapse/python_dependencies.py @@ -24,7 +24,7 @@ REQUIREMENTS = { "signedjson>=1.0.0": ["signedjson>=1.0.0"], "pynacl==0.3.0": ["nacl==0.3.0", "nacl.bindings"], "service_identity>=1.0.0": ["service_identity>=1.0.0"], - "Twisted>=15.1.0": ["twisted>=15.1.0"], + "Twisted>=16.0.0": ["twisted>=16.0.0"], "pyopenssl>=0.14": ["OpenSSL>=0.14"], "pyyaml": ["yaml"], "pyasn1": ["pyasn1"],