Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support starting with no_tls = True and no TLS certificates #4606

Closed
wants to merge 10 commits into from
@@ -213,12 +213,17 @@ def refresh_certificate(hs):
Refresh the TLS certificates that Synapse is using by re-reading them from
disk and updating the TLS context factories to use them.
"""
logging.info("Loading certificate from disk...")
hs.config.read_certificate_from_disk()
hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)
hs.tls_client_options_factory = context_factory.ClientTLSOptionsFactory(
hs.config
)

if hs.config.no_tls:
logging.info("Serving TLS is disabled, not loading certificates.")
return

logging.info("Loading certificate from disk...")
hs.config.read_certificate_from_disk()
hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)
logging.info("Certificate loaded.")

if hs._listening_services:
@@ -91,9 +91,11 @@ def _listener_http(self, config, listener_config):
site_tag = listener_config.get("tag", port)

if tls and config.no_tls:
raise ConfigError(
"Listener on port %i has TLS enabled, but no_tls is set" % (port,),
logger.info(
"Listener on port %i has TLS enabled, but no_tls is set, skipping",
port,
)
return

resources = {}
for res in listener_config["resources"]:
@@ -122,10 +122,7 @@ def read_certificate_from_disk(self):
)
)

if not self.no_tls:
self.tls_private_key = self.read_tls_private_key(self.tls_private_key_file)

self.tls_fingerprints = list(self._original_tls_fingerprints)

This comment has been minimized.

Copy link
@richvdh

richvdh Feb 11, 2019

Member

is this not important?

self.tls_private_key = self.read_tls_private_key(self.tls_private_key_file)

# Check that our own certificate is included in the list of fingerprints
# and include it if it is not.
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.