Mark Haines
a4b06b619c
Add a couple more checks to the keyring
2016-07-26 19:50:11 +01:00
David Baker
f28643cea9
Uncommit accidentally commited edit to cipher list
2016-05-10 18:44:32 +02:00
David Baker
d46b18a00f
Pass through _get_event_txn
2016-05-10 18:27:06 +02:00
Erik Johnston
2e2be463f8
Make key client send a Host header
2016-03-11 10:29:05 +00:00
Erik Johnston
2c1fbea531
Fix up logcontexts
2016-02-08 14:26:45 +00:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Paul "LeoNerd" Evans
a6ba41e078
Actually look up required remote server key IDs
...
set.union() is a side-effect-free function that returns the union of two
sets. This clearly wanted .update(), which is the side-effecting mutator
version.
2015-12-18 21:36:42 +00:00
Erik Johnston
0eabfa55f6
Fix typo
2015-11-20 17:17:58 +00:00
Erik Johnston
6408541075
Don't limit connections to perspective servers
2015-11-20 17:15:44 +00:00
Erik Johnston
ffe8cf7e59
Fix bug where we sometimes didn't fetch all the keys requested for a
...
server.
2015-09-17 10:21:32 +01:00
Daniel Wagner-Hall
2c8f16257a
Merge pull request #272 from matrix-org/daniel/insecureclient
...
Allow configuration to ignore invalid SSL certs
2015-09-15 16:52:38 +01:00
Erik Johnston
dd0867f5ba
Various bug fixes to crypto.keyring
2015-09-09 17:02:39 +01:00
Daniel Wagner-Hall
81a93ddcc8
Allow configuration to ignore invalid SSL certs
...
This will be useful for sytest, and sytest only, hence the aggressive
config key name.
2015-09-09 12:02:07 +01:00
Mark Haines
78323ccdb3
Remove syutil dependency in favour of smaller single-purpose libraries
2015-08-24 16:17:38 +01:00
Erik Johnston
0b3389bcd2
Merge pull request #194 from matrix-org/erikj/bulk_verify_sigs
...
Implement bulk verify_signed_json API
2015-07-10 13:46:53 +01:00
Matthew Hodgson
fb8d2862c1
remove the tls_certificate_chain_path param and simply support tls_certificate_path pointing to a file containing a chain of certificates
2015-07-09 00:45:41 +01:00
Matthew Hodgson
f26a3df1bf
oops, context.tls_certificate_chain_file() expects a file, not a certificate.
2015-07-08 21:33:02 +01:00
Matthew Hodgson
19fa3731ae
typo
2015-07-08 18:53:41 +01:00
Matthew Hodgson
64afbe6ccd
add new optional config for tls_certificate_chain_path for folks with intermediary SSL certs
2015-07-08 18:20:02 +01:00
Erik Johnston
f0dd568e16
Wait for previous attempts at fetching keys for a given server before trying to fetch more
2015-06-26 11:25:00 +01:00
Erik Johnston
b5f55a1d85
Implement bulk verify_signed_json API
2015-06-26 10:39:34 +01:00
Erik Johnston
291cba284b
Handle the case when things return empty but non none things
2015-05-19 14:42:46 +01:00
Erik Johnston
253f76a0a5
Don't always hit get_server_verify_key_v1_direct
2015-05-19 14:42:38 +01:00
Erik Johnston
d3e09f12d0
SYN-383: Actually, we expect this value to be a dict
2015-05-19 13:12:41 +01:00
Erik Johnston
2b7120e233
SYN-383: Handle the fact the server might not have signed things
2015-05-19 12:49:38 +01:00
Erik Johnston
8b256a7296
Don't reuse var names
2015-05-19 11:58:22 +01:00
Erik Johnston
2aeee2a905
SYN-383: Fix parsing of verify_keys and catching of _DefGen_Return
2015-05-19 11:56:18 +01:00
Mark Haines
c6a03c46e6
SYN-383: Extract the response list from 'server_keys' in the response JSON as it might work better than iterating over the top level dict
2015-05-19 10:23:02 +01:00
Mark Haines
ec07dba29e
Merge pull request #143 from matrix-org/erikj/SYN-375
...
SYN-375 - Lots of unhandled deferred exceptions.
2015-05-12 15:25:54 +01:00
Erik Johnston
476899295f
Change the way we do logging contexts so that they survive divergences
2015-05-08 16:32:18 +01:00
Erik Johnston
fca28d243e
Change the way we create observers to deferreds so that we don't get spammed by 'unhandled errors'
2015-05-08 16:28:08 +01:00
Mark Haines
1319905d7a
Use a defer.gatherResults to collect results from the perspective servers
2015-04-29 13:31:14 +01:00
Mark Haines
74874ffda7
Update the query format used by keyring to match current key v2 spec
2015-04-29 12:14:08 +01:00
Mark Haines
46d200a3a1
Implement minimum_valid_until_ts in the remote key resource
2015-04-29 11:57:26 +01:00
Mark Haines
f8b865264a
Merge branch 'develop' into key_distribution
...
Conflicts:
synapse/crypto/keyring.py
2015-04-27 18:29:32 +01:00
Erik Johnston
2c70849dc3
Fix newlines
2015-04-27 14:38:29 +01:00
Erik Johnston
0a016b0525
Pull inner function out.
2015-04-27 14:37:24 +01:00
Erik Johnston
e701aec2d1
Implement locks using create_observer for fetching media and server keys
2015-04-27 14:20:26 +01:00
Mark Haines
288702170d
Add config for setting the perspective servers
2015-04-24 17:01:34 +01:00
Mark Haines
4bbf7156ef
Update to match the specification for key/v2
2015-04-23 16:39:13 +01:00
Mark Haines
f30d47c876
Implement remote key lookup api
2015-04-22 14:21:08 +01:00
Mark Haines
2f9157b427
Implement v2 key lookup
2015-04-20 16:23:47 +01:00
Mark Haines
8d761134c2
Fail quicker for 4xx responses in the key client, optional hit a different API path
2015-04-15 16:57:58 +01:00
Erik Johnston
3ce8540484
Don't look for an TLS private key if we have set --no-tls
2015-03-06 11:34:06 +00:00
Erik Johnston
5b5c7a28d6
Log error message when we fail to fetch remote server keys
2015-03-05 17:09:13 +00:00
Erik Johnston
9371019133
Try to only back off if we think we failed to connect to the remote
2015-02-17 18:13:34 +00:00
Erik Johnston
2b8f1a956c
Add per server retry limiting.
...
Factor out the pre destination retry logic from TransactionQueue so it
can be reused in both get_pdu and crypto.keyring
2015-02-17 17:20:56 +00:00
Erik Johnston
5025305fb2
Rate limit retries when fetching server keys.
2015-02-17 15:57:42 +00:00
Erik Johnston
4ebbaf0d43
Blunty replace json with simplejson
2015-02-11 14:23:10 +00:00
Mark Haines
84a769cdb7
Fix code-style
2015-02-10 17:58:36 +00:00