watcha-synapse

Commit Graph

Author	SHA1	Message	Date
Richard van der Hoff	0ca2908653	fix tests	6 years ago
Richard van der Hoff	4fddf8fc77	Infer no_tls from presence of TLS listeners Rather than have to specify `no_tls` explicitly, infer whether we need to load the TLS keys etc from whether we have any TLS-enabled listeners.	6 years ago
Richard van der Hoff	086f6f27d4	Logging improvements around TLS certs Log which file we're reading keys and certs from, and refactor the code a bit in preparation for other work	6 years ago
Amber Brown	6e2a5aa050	ACME Reprovisioning (#4522 )	6 years ago
Amber Brown	4ffd10f46d	Be tolerant of blank TLS fingerprints config (#4589 )	6 years ago
Richard van der Hoff	bf1e4d96ad	Fix default ACME config for py2 (#4564 ) Fixes #4559	6 years ago
Richard van der Hoff	d7e27a1f08	fix typo in config comments (#4557 )	6 years ago
Richard van der Hoff	7615a8ced1	ACME config cleanups (#4525 ) * Handle listening for ACME requests on IPv6 addresses the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses without extra quoting. Building a string which you are about to parse again seems like a weird choice. Let's just use listenTCP, which is consistent with what we do elsewhere. * Clean up the default ACME config make it look a bit more consistent with everything else, and tweak the defaults to listen on port 80. * newsfile	6 years ago
Amber Brown	6bd4374636	Do not generate self-signed TLS certificates by default. (#4509 )	6 years ago
Amber Brown	6129e52f43	Support ACME for certificate provisioning (#4384 )	6 years ago
Amber Brown	23b0813599	Require ECDH key exchange & remove dh_params (#4429 ) * remove dh_params and set better cipher string	6 years ago
Amber Brown	49af402019	run isort	6 years ago
Jeroen	b7f34ee348	allow self-signed certificates	7 years ago
Jeroen	07b4f88de9	formatting changes for pep8	7 years ago
Jeroen	3d605853c8	send SNI for federation requests	7 years ago
Adrian Tschira	a3f9ddbede	Open certificate files as bytes That's what pyOpenSSL expects on python3 Signed-off-by: Adrian Tschira <nota@notafile.com>	7 years ago
Matthew Hodgson	5e97ca7ee6	fix typo	7 years ago
Matthew Hodgson	efd0f5a3c5	tip for generating tls_fingerprints	7 years ago
Richard van der Hoff	7216c76654	Improve error handling for missing files (#2551 ) `os.path.exists` doesn't allow us to distinguish between permissions errors and the path actually not existing, which repeatedly confuses people. It also means that we try to overwrite existing key files, which is super-confusing. (cf issues #2455, #2379). Use os.stat instead. Also, don't recomemnd the the use of --generate-config, which screws everything up if you're using debian (cf #2455).	7 years ago
Tyler Smith	df4407d665	Fix typo in config comments. Signed-off-by: Tyler Smith <tylersmith.me@gmail.com>	8 years ago
Mark Haines	c61ddeedac	Explain how long the servers can cache the TLS fingerprints for	8 years ago
Mark Haines	0af6213019	Improve comment formatting	8 years ago
Mark Haines	6e9f3ab415	Add config option for adding additional TLS fingerprints	8 years ago
Matthew Hodgson	6c28ac260c	copyrights	9 years ago
Daniel Wagner-Hall	7213588083	Implement configurable stats reporting SYN-287 This requires that HS owners either opt in or out of stats reporting. When --generate-config is passed, --report-stats must be specified If an already-generated config is used, and doesn't have the report_stats key, it is requested to be set.	9 years ago
Daniel Wagner-Hall	d4af08a167	Use shorter config key name	9 years ago
Daniel Wagner-Hall	ddfe30ba83	Better document the intent of the insecure SSL setting	9 years ago
Daniel Wagner-Hall	81a93ddcc8	Allow configuration to ignore invalid SSL certs This will be useful for sytest, and sytest only, hence the aggressive config key name.	9 years ago
Erik Johnston	294dbd712f	We don't want semicolons.	10 years ago
Matthew Hodgson	fb8d2862c1	remove the tls_certificate_chain_path param and simply support tls_certificate_path pointing to a file containing a chain of certificates	10 years ago
Matthew Hodgson	8ad2d2d1cb	document tls_certificate_chain_path more clearly	10 years ago
Matthew Hodgson	f26a3df1bf	oops, context.tls_certificate_chain_file() expects a file, not a certificate.	10 years ago
Matthew Hodgson	465acb0c6a	cough	10 years ago
Matthew Hodgson	64afbe6ccd	add new optional config for tls_certificate_chain_path for folks with intermediary SSL certs	10 years ago
Matthew Hodgson	04192ee05b	typo	10 years ago
Mark Haines	2f1348f339	Write a default log_config when generating config	10 years ago
Mark Haines	d624e2a638	Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class	10 years ago
Erik Johnston	e49d6b1568	Unused import	10 years ago
Erik Johnston	3ce8540484	Don't look for an TLS private key if we have set --no-tls	10 years ago
Mark Haines	adb04b1e57	Update copyright notices	10 years ago
Mark Haines	7d709542ca	Fix pep8 warnings	10 years ago
Matthew Hodgson	8a7c1d6a00	fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch.	10 years ago
Mark Haines	64b341cc10	Fix typo when reading TLS config	10 years ago
Mark Haines	d45f89c95b	More helpful error messages for missing config	10 years ago
Mark Haines	8b69468e5f	Use pregenerated DH params when generating config	10 years ago
Mark Haines	9ea1de432d	Fix homeserver config parsing	10 years ago
Mark Haines	d9ebe531ed	Add config tree to synapse. Add support for reading config from a file	10 years ago

45 Commits (46b8a79b3a418ad6795e903588d1f8e12f547e2c)