Fix well-known lookups with the federation certificate whitelist (#5997)

Amber Brown 2019-09-14 04:58:38 +10:00 committed by GitHub
parent c755955f33
commit 850dcfd2d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 63 additions and 15 deletions


@ -110,8 +110,15 @@ class TlsConfig(Config):
# Support globs (*) in whitelist values
self.federation_certificate_verification_whitelist = []
for entry in fed_whitelist_entries:
try:
entry_regex = glob_to_regex(entry.encode("ascii").decode("ascii"))
except UnicodeEncodeError:
raise ConfigError(
"IDNA domain names are not allowed in the "
"federation_certificate_verification_whitelist: %s" % (entry,)
)
# Convert globs to regex
entry_regex = glob_to_regex(entry)
self.federation_certificate_verification_whitelist.append(entry_regex)
# List of custom certificate authorities for federation traffic validation
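Review bot: The `# Convert globs to regex` comment now sits directly above the `append` call, while the conversion itself happens inside the new `try:` block. The rendered page has lost its +/- markers, so I am assuming the bare `entry_regex = glob_to_regex(entry)` line under that comment is the removed one. I would move the comment to just above `try:` and say why the round-trip is there, e.g. `# Whitelist entries must be plain ASCII; reject IDNA (non-ASCII) names with a clear config error`. Entries in this list exempt matching servers from certificate verification, so type validation matters too: a non-string YAML value would presumably fail at `.encode` with an AttributeError rather than a ConfigError. A guard such as `if not isinstance(entry, str): raise ConfigError(...)` before the `try:` would cover that. The enclosing method starts and ends outside the hunk.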