Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-05-02 12:16:09 -04:00
Code Issues Projects Releases Packages Wiki Activity

Validate federation server TLS certificates by default.

Browse source
This commit is contained in:
Richard van der Hoff 2019-06-05 14:16:07 +01:00
parent 14f13babb0
commit e2dfb922e1
3 changed files with 15 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

10
synapse/config/tls.py
View file

@ -74,7 +74,7 @@ class TlsConfig(Config):
# Whether to verify certificates on outbound federation traffic
self.federation_verify_certificates = config.get(
"federation_verify_certificates", False,
"federation_verify_certificates", True,
)
# Whitelist of domains to not verify certificates for
@ -241,12 +241,12 @@ class TlsConfig(Config):
#
#tls_private_key_path: "%(tls_private_key_path)s"
# Whether to verify TLS certificates when sending federation traffic.
# Whether to verify TLS server certificates for outbound federation requests.
#
# This currently defaults to `false`, however this will change in
# Synapse 1.0 when valid federation certificates will be required.
# Defaults to `true`. To disable certificate verification, uncomment the
# following line.
#
#federation_verify_certificates: true
#federation_verify_certificates: false
# Skip federation certificate verification on the following whitelist
# of domains.