Set SNI to the server_name, not whatever was in the SRV record

Fixes #3843
Richard van der Hoff 2018-09-18 17:01:12 +01:00
parent 286d6930b7
commit b3097396e7
1 changed files with 10 additions and 3 deletions


@ -108,7 +108,7 @@ def matrix_federation_endpoint(reactor, destination, tls_client_options_factory=
Args: Args:
reactor: Twisted reactor. reactor: Twisted reactor.
destination (bytes): The name of the server to connect to. destination (unicode): The name of the server to connect to.
tls_client_options_factory tls_client_options_factory
(synapse.crypto.context_factory.ClientTLSOptionsFactory): (synapse.crypto.context_factory.ClientTLSOptionsFactory):
Factory which generates TLS options for client connections. Factory which generates TLS options for client connections.
@ -126,10 +126,17 @@ def matrix_federation_endpoint(reactor, destination, tls_client_options_factory=
transport_endpoint = HostnameEndpoint transport_endpoint = HostnameEndpoint
default_port = 8008 default_port = 8008
else: else:
# the SNI string should be the same as the Host header, minus the port.
# as per https://github.com/matrix-org/synapse/issues/2525#issuecomment-336896777,
# the Host header and SNI should therefore be the server_name of the remote
# server.
tls_options = tls_client_options_factory.get_options(domain)
def transport_endpoint(reactor, host, port, timeout): def transport_endpoint(reactor, host, port, timeout):
return wrapClientTLS( return wrapClientTLS(
tls_client_options_factory.get_options(host), tls_options,
HostnameEndpoint(reactor, host, port, timeout=timeout)) HostnameEndpoint(reactor, host, port, timeout=timeout),
)
default_port = 8448 default_port = 8448
if port is None: if port is None:
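Review bot: The new comment above `tls_options = tls_client_options_factory.get_options(domain)` justifies the SNI value only by consistency with the Host header; it does not say that the `host` argument of `transport_endpoint` is now deliberately left out of the TLS options. Going by the commit title, that `host` can be an SRV target, which comes from DNS and is not authenticated, so a later cleanup that passes it back to `get_options` would quietly undo this fix. I would add a line inside `transport_endpoint` such as `# NB: host may be an SRV target from unauthenticated DNS; never derive TLS options from it.` `domain` is assigned outside this hunk, so whether it can be an IP literal (which should not be sent as SNI) cannot be checked from here. The function body also continues past the end of the hunk.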