Merge pull request #3439 from vojeroen/send_sni_for_federation_requests

send SNI for federation requests
2025-08-01 16:26:05 -04:00 · 2018-08-10 12:23:54 +01:00 · 2018-08-10 12:23:54 +01:00 · 3c0213a217
commit 3c0213a217
parent 0ad98e38d0 2e9c73e8ca
15 changed files with 113 additions and 16 deletions
--- a/synapse/http/endpoint.py
+++ b/synapse/http/endpoint.py
@ -26,7 +26,6 @@ from twisted.names.error import DNSNameError, DomainError

 logger = logging.getLogger(__name__)

-
 SERVER_CACHE = {}

 # our record of an individual server which can be tried to reach a destination.
@ -103,15 +102,16 @@ def parse_and_validate_server_name(server_name):
    return host, port


-def matrix_federation_endpoint(reactor, destination, ssl_context_factory=None,
+def matrix_federation_endpoint(reactor, destination, tls_client_options_factory=None,
                               timeout=None):
    """Construct an endpoint for the given matrix destination.

    Args:
        reactor: Twisted reactor.
        destination (bytes): The name of the server to connect to.
-        ssl_context_factory (twisted.internet.ssl.ContextFactory): Factory
-            which generates SSL contexts to use for TLS.
+        tls_client_options_factory
+            (synapse.crypto.context_factory.ClientTLSOptionsFactory):
+            Factory which generates TLS options for client connections.
        timeout (int): connection timeout in seconds
    """

@ -122,13 +122,13 @@ def matrix_federation_endpoint(reactor, destination, ssl_context_factory=None,
    if timeout is not None:
        endpoint_kw_args.update(timeout=timeout)

-    if ssl_context_factory is None:
+    if tls_client_options_factory is None:
        transport_endpoint = HostnameEndpoint
        default_port = 8008
    else:
        def transport_endpoint(reactor, host, port, timeout):
            return wrapClientTLS(
-                ssl_context_factory,
+                tls_client_options_factory.get_options(host),
                HostnameEndpoint(reactor, host, port, timeout=timeout))
        default_port = 8448

--- a/synapse/http/matrixfederationclient.py
+++ b/synapse/http/matrixfederationclient.py
@ -61,14 +61,14 @@ MAX_SHORT_RETRIES = 3

 class MatrixFederationEndpointFactory(object):
    def __init__(self, hs):
-        self.tls_server_context_factory = hs.tls_server_context_factory
+        self.tls_client_options_factory = hs.tls_client_options_factory

    def endpointForURI(self, uri):
        destination = uri.netloc

        return matrix_federation_endpoint(
            reactor, destination, timeout=10,
-            ssl_context_factory=self.tls_server_context_factory
+            tls_client_options_factory=self.tls_client_options_factory
        )