Merge pull request #3907 from matrix-org/rav/set_sni_to_server_name
Set SNI to the server_name, not whatever was in the SRV record
commit
3d6b24fb1b
1
changelog.d/3907.bugfix
Normal file
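--- a/changelog.d/3907.bugfix
+++ b/changelog.d/3907.bugfix
@@ -0,0 +1 @@
+Fix incorrect server-name indication for outgoing federation requests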
@ -108,7 +108,7 @@ def matrix_federation_endpoint(reactor, destination, tls_client_options_factory=
|
|||||||
|
|
||||||
Args:
|
Args:
|
||||||
reactor: Twisted reactor.
|
reactor: Twisted reactor.
|
||||||
destination (bytes): The name of the server to connect to.
|
destination (unicode): The name of the server to connect to.
|
||||||
tls_client_options_factory
|
tls_client_options_factory
|
||||||
(synapse.crypto.context_factory.ClientTLSOptionsFactory):
|
(synapse.crypto.context_factory.ClientTLSOptionsFactory):
|
||||||
Factory which generates TLS options for client connections.
|
Factory which generates TLS options for client connections.
|
||||||
@ -126,10 +126,17 @@ def matrix_federation_endpoint(reactor, destination, tls_client_options_factory=
|
|||||||
transport_endpoint = HostnameEndpoint
|
transport_endpoint = HostnameEndpoint
|
||||||
default_port = 8008
|
default_port = 8008
|
||||||
else:
|
else:
|
||||||
|
# the SNI string should be the same as the Host header, minus the port.
|
||||||
|
# as per https://github.com/matrix-org/synapse/issues/2525#issuecomment-336896777,
|
||||||
|
# the Host header and SNI should therefore be the server_name of the remote
|
||||||
|
# server.
|
||||||
|
tls_options = tls_client_options_factory.get_options(domain)
|
||||||
|
|
||||||
def transport_endpoint(reactor, host, port, timeout):
|
def transport_endpoint(reactor, host, port, timeout):
|
||||||
return wrapClientTLS(
|
return wrapClientTLS(
|
||||||
tls_client_options_factory.get_options(host),
|
tls_options,
|
||||||
HostnameEndpoint(reactor, host, port, timeout=timeout))
|
HostnameEndpoint(reactor, host, port, timeout=timeout),
|
||||||
|
)
|
||||||
default_port = 8448
|
default_port = 8448
|
||||||
|
|
||||||
if port is None:
|
if port is None:
|
||||||
|
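Review bot: `tls_client_options_factory.get_options(domain)` takes its SNI name from `domain`, which is assigned outside this hunk, so the visible lines do not show that it is the server_name with the port removed, as the new comment requires. Since the options are now built once and no longer follow the `host` that `transport_endpoint` receives, that one value decides the SNI for every connection attempt; if `domain` can be an IP literal it is worth confirming how `get_options` treats it, because SNI is defined for DNS hostnames only. I would add a line above the assignment such as `# domain: server_name with any :port stripped; never the SRV target`, and a regression test in which the SRV target differs from the server_name and the test checks the name handed to `get_options`. The body of `matrix_federation_endpoint` starts and ends outside the hunk.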