Halaman utama Jelajahi Bantuan
Masuk
RISCI_ATOM
/
synapse
cermin dari https://github.com/matrix-org/synapse.git
1
0
Fork 0
Berkas Masalah 3 Wiki
Jelajahi Sumber

Don't look for an TLS private key if we have set --no-tls

Erik Johnston 9 tahun lalu
induk
e780492ecf
melakukan
3ce8540484
3 mengubah file dengan 17 tambahan dan 8 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 0 3
      synapse/config/server.py
  2. 13 4
      synapse/config/tls.py
  3. 4 1
      synapse/crypto/context_factory.py

+ 0 - 3
synapse/config/server.py
Tampilan Berkas 

@@ -30,7 +30,6 @@ class ServerConfig(Config):
 
         self.pid_file = self.abspath(args.pid_file)
 
         self.webclient = True
 
         self.manhole = args.manhole
 
-        self.no_tls = args.no_tls
 
         self.soft_file_limit = args.soft_file_limit
 
 
         if not args.content_addr:
 
@@ -76,8 +75,6 @@ class ServerConfig(Config):
 
         server_group.add_argument("--content-addr", default=None,
 
                                   help="The host and scheme to use for the "
 
                                   "content repository")
 
-        server_group.add_argument("--no-tls", action='store_true',
 
-                                  help="Don't bind to the https port.")
 
         server_group.add_argument("--soft-file-limit", type=int, default=0,
 
                                   help="Set the soft limit on the number of "
 
                                        "file descriptors synapse can use. "

+ 13 - 4
synapse/config/tls.py
Tampilan Berkas 

@@ -13,7 +13,7 @@
 
 # See the License for the specific language governing permissions and
 
 # limitations under the License.
 
 
-from ._base import Config
 
+from ._base import Config, ConfigError
 
 
 from OpenSSL import crypto
 
 import subprocess
 
@@ -28,9 +28,16 @@ class TlsConfig(Config):
 
         self.tls_certificate = self.read_tls_certificate(
 
             args.tls_certificate_path
 
         )
 
-        self.tls_private_key = self.read_tls_private_key(
 
-            args.tls_private_key_path
 
-        )
 
+
 
+        self.no_tls = args.no_tls
 
+
 
+        if self.no_tls:
 
+            self.tls_private_key = None
 
+        else:
 
+            self.tls_private_key = self.read_tls_private_key(
 
+                args.tls_private_key_path
 
+            )
 
+
 
         self.tls_dh_params_path = self.check_file(
 
             args.tls_dh_params_path, "tls_dh_params"
 
         )
 
@@ -45,6 +52,8 @@ class TlsConfig(Config):
 
                                help="PEM encoded private key for TLS")
 
         tls_group.add_argument("--tls-dh-params-path",
 
                                help="PEM dh parameters for ephemeral keys")
 
+        tls_group.add_argument("--no-tls", action='store_true',
 
+                               help="Don't bind to the https port.")
 
 
     def read_tls_certificate(self, cert_path):
 
         cert_pem = self.read_file(cert_path, "tls_certificate")

+ 4 - 1
synapse/crypto/context_factory.py
Tampilan Berkas 

@@ -38,7 +38,10 @@ class ServerContextFactory(ssl.ContextFactory):
 
             logger.exception("Failed to enable eliptic curve for TLS")
 
         context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
 
         context.use_certificate(config.tls_certificate)
 
-        context.use_privatekey(config.tls_private_key)
 
+
 
+        if not config.no_tls:
 
+            context.use_privatekey(config.tls_private_key)
 
+
 
         context.load_tmp_dh(config.tls_dh_params_path)
 
         context.set_cipher_list("!ADH:HIGH+kEDH:!AECDH:HIGH+kEECDH")