Mirrors
/
synapse
mirror of https://github.com/element-hq/synapse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove redundant code to reload tls cert (#10054) 

we don't need to reload the tls cert if we don't have any tls listeners.

Follow-up to #9280.
This commit is contained in:
Richard van der Hoff 2021-05-27 10:34:24 +01:00 committed by GitHub
parent 224f2f949b
commit fe5dad46b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 6 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/10054.misc Normal file
View File

@ -0,0 +1 @@
Remove some dead code regarding TLS certificate handling.

5
synapse/app/_base.py
View File

@ -261,13 +261,10 @@ def refresh_certificate(hs):
Refresh the TLS certificates that Synapse is using by re-reading them from Refresh the TLS certificates that Synapse is using by re-reading them from
disk and updating the TLS context factories to use them. disk and updating the TLS context factories to use them.
""" """
if not hs.config.has_tls_listener(): if not hs.config.has_tls_listener():
# attempt to reload the certs for the good of the tls_fingerprints
hs.config.read_certificate_from_disk(require_cert_and_key=False)
return return
hs.config.read_certificate_from_disk(require_cert_and_key=True) hs.config.read_certificate_from_disk()
hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config) hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)
if hs._listening_services: if hs._listening_services:

22
synapse/config/tls.py
View File

@ -215,28 +215,12 @@ class TlsConfig(Config):
days_remaining = (expires_on - now).days days_remaining = (expires_on - now).days
return days_remaining return days_remaining
def read_certificate_from_disk(self, require_cert_and_key: bool): def read_certificate_from_disk(self):
""" """
Read the certificates and private key from disk. Read the certificates and private key from disk.
Args:
require_cert_and_key: set to True to throw an error if the certificate
and key file are not given
""" """
if require_cert_and_key: self.tls_private_key = self.read_tls_private_key()
self.tls_private_key = self.read_tls_private_key() self.tls_certificate = self.read_tls_certificate()
self.tls_certificate = self.read_tls_certificate()
elif self.tls_certificate_file:
# we only need the certificate for the tls_fingerprints. Reload it if we
# can, but it's not a fatal error if we can't.
try:
self.tls_certificate = self.read_tls_certificate()
except Exception as e:
logger.info(
"Unable to read TLS certificate (%s). Ignoring as no "
"tls listeners enabled.",
e,
)
def generate_config_section( def generate_config_section(
self, self,

3
tests/config/test_tls.py
View File

@ -74,12 +74,11 @@ s4niecZKPBizL6aucT59CsunNmmb5Glq8rlAcU+1ZTZZzGYqVYhF6axB9Qg=
config = { config = {
"tls_certificate_path": os.path.join(config_dir, "cert.pem"), "tls_certificate_path": os.path.join(config_dir, "cert.pem"),
"tls_fingerprints": [],
} }
t = TestConfig() t = TestConfig()
t.read_config(config, config_dir_path="", data_dir_path="") t.read_config(config, config_dir_path="", data_dir_path="")
t.read_certificate_from_disk(require_cert_and_key=False) t.read_tls_certificate()
warnings = self.flushWarnings() warnings = self.flushWarnings()
self.assertEqual(len(warnings), 1) self.assertEqual(len(warnings), 1)