
Infer no_tls from presence of TLS listeners #4613

Merged
merged 7 commits into from Feb 12, 2019

@richvdh (Member) commented Feb 11, 2019

Rather than have to specify no_tls explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.

Based on #4615, #4616, #4617

@richvdh richvdh referenced this pull request Feb 11, 2019

Merged

Disable TLS by default #4614

@richvdh richvdh requested a review from matrix-org/synapse-core Feb 11, 2019

Logging improvements around TLS certs
Log which file we're reading keys and certs from, and refactor the code a bit
in preparation for other work

@richvdh richvdh force-pushed the rav/deprecate_no_tls branch from 1242963 to 2785cac Feb 11, 2019

@richvdh richvdh removed the request for review from matrix-org/synapse-core Feb 11, 2019

richvdh added some commits Feb 11, 2019

Fail cleanly if listener config lacks a 'port'
... otherwise we would fail with a mysterious KeyError or something later.
Don't create server contexts when TLS is disabled
we aren't going to use them anyway.
Infer no_tls from presence of TLS listeners
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
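As an added example (not Synapse's own code), here is the behaviour the PR description and the commits above describe, in Python: a listener without a `port` fails with a clear `ConfigError` instead of a later `KeyError`, `no_tls` is inferred from whether any listener has `tls` enabled, and the key and certificate paths are only consulted when a TLS listener exists. The `ConfigError` class, the function names and the sample configs are assumptions.

```python
class ConfigError(Exception):
    """Raised for a configuration problem we can describe clearly (assumed class)."""


def validate_listeners(listeners):
    """Fail cleanly if a listener config lacks a 'port', rather than with a
    mysterious KeyError later when the listener is actually started."""
    for idx, listener in enumerate(listeners):
        if "port" not in listener:
            raise ConfigError(
                "listener %d (type %r) has no 'port'"
                % (idx, listener.get("type", "http"))
            )
        if not isinstance(listener["port"], int):
            raise ConfigError("listener %d: 'port' must be an integer" % idx)
    return listeners


def infer_no_tls(listeners):
    """no_tls is no longer configured explicitly: it is True exactly when no
    listener has tls enabled, so there is nothing to load the keys for."""
    return not any(listener.get("tls", False) for listener in validate_listeners(listeners))


def load_tls_material(config):
    """Return the cert/key paths to load, or None when TLS is disabled.
    With no TLS listeners the paths are never read, so a missing certificate
    cannot prevent startup; with a TLS listener both paths must be set."""
    if infer_no_tls(config.get("listeners", [])):
        return None
    paths = {}
    for name, key in (("cert", "tls_certificate_path"), ("key", "tls_private_key_path")):
        if not config.get(key):
            raise ConfigError("a TLS listener is configured but %r is not set" % key)
        paths[name] = config[key]
    return paths


# Constructed sample configs, shaped like the 'listeners' section of a Synapse
# homeserver.yaml; the paths and ports are placeholders, not real deployments.
TLS_CONFIG = {
    "tls_certificate_path": "/etc/synapse/example.tls.crt",
    "tls_private_key_path": "/etc/synapse/example.tls.key",
    "listeners": [
        {"port": 8448, "type": "http", "tls": True},
        {"port": 8008, "type": "http", "tls": False},
    ],
}
PLAIN_CONFIG = {"listeners": [{"port": 8008, "type": "http"}]}
NO_PORT_CONFIG = {"listeners": [{"type": "http", "tls": True}]}
```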

@richvdh richvdh force-pushed the rav/deprecate_no_tls branch from 2785cac to 4fddf8f Feb 11, 2019

@codecov-io commented Feb 11, 2019

Codecov Report

Merging #4613 into develop will decrease coverage by <.01%.
The diff coverage is 62.85%.

@@             Coverage Diff             @@
##           develop    #4613      +/-   ##
===========================================
- Coverage    75.31%   75.31%   -0.01%     
===========================================
  Files          338      338              
  Lines        34540    34552      +12     
  Branches      5643     5647       +4     
===========================================
+ Hits         26013    26022       +9     
- Misses        6941     6943       +2     
- Partials      1586     1587       +1

@richvdh richvdh requested a review from matrix-org/synapse-core Feb 11, 2019

richvdh added a commit that referenced this pull request Feb 11, 2019

Remove redundant entries from docker config
* no_tls is now redundant (#4613)
* we don't need a dummy cert any more (#4618)

@erikjohnston erikjohnston merged commit 8a2e316 into develop Feb 12, 2019

5 checks passed:

- ci/circleci: sytestpy2merged: Your tests passed on CircleCI!
- ci/circleci: sytestpy2postgresmerged: Your tests passed on CircleCI!
- ci/circleci: sytestpy3merged: Your tests passed on CircleCI!
- ci/circleci: sytestpy3postgresmerged: Your tests passed on CircleCI!
- continuous-integration/travis-ci/pr: The Travis CI build passed

richvdh added a commit that referenced this pull request Feb 14, 2019

Merge tag 'v0.99.1'
Synapse 0.99.1 (2019-02-14)
===========================

Features
--------

- Include m.room.encryption on invites by default ([\#3902](#3902))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](#4420))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](#4522))
- Add ability to update backup versions ([\#4580](#4580))
- Allow the "unavailable" presence status for /sync.
  This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](#4592))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](#4613), [\#4615](#4615), [\#4617](#4617), [\#4636](#4636))
- The default configuration no longer requires TLS certificates. ([\#4614](#4614))

Bugfixes
--------

- Copy over room federation ability on room upgrade. ([\#4530](#4530))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](#4546))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](#4589))
- Fix 'no unique or exclusion constraint' error ([\#4591](#4591))
- Transfer Server ACLs on room upgrade. ([\#4608](#4608))
- Fix failure to start when no TLS certificate was given even if TLS was disabled. ([\#4618](#4618))
- Fix self-signed cert notice from generate-config. ([\#4625](#4625))
- Fix performance of `user_ips` table deduplication background update ([\#4626](#4626), [\#4627](#4627))

Internal Changes
----------------

- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](#4462))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](#4513))
- Reduce duplication of ``synapse.app`` code. ([\#4567](#4567))
- Fix docker upload job to push -py2 images. ([\#4576](#4576))
- Add port configuration information to ACME instructions. ([\#4578](#4578))
- Update MSC1711 FAQ to clarify .well-known usage ([\#4584](#4584))
- Clean up default listener configuration ([\#4586](#4586))
- Clarifications for reverse proxy docs ([\#4607](#4607))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](#4611))
- Fail cleanly if listener config lacks a 'port' ([\#4616](#4616))
- Remove redundant entries from docker config ([\#4619](#4619))
- README updates ([\#4621](#4621))

@richvdh richvdh deleted the rav/deprecate_no_tls branch Feb 20, 2019
