Patrick Cloke
8c7a531e27
Use direct references for some configuration variables (part 2) ( #10812 )
2021-09-15 08:34:52 -04:00
Jonathan de Jong
4c3827f2c1
Enable addtional flake8-bugbear linting checks. ( #9659 )
2021-03-24 09:34:30 -04:00
Jonathan de Jong
27d2820c33
Enable flake8-bugbear, but disable most checks. ( #9499 )
...
* Adds B00 to ignored checks.
* Fixes remaining issues.
2021-03-16 14:19:27 -04:00
Erik Johnston
54a6afeee3
Cache config options in SSL verification ( #9255 )
...
Reading from the config object is *slow*.
2021-01-28 17:38:59 +00:00
Patrick Cloke
1c9a850562
Add type hints to the crypto module. ( #8999 )
2021-01-04 10:04:50 -05:00
Patrick Cloke
34a5696f93
Fix typos and spelling errors. ( #8639 )
2020-10-23 12:38:40 -04:00
Richard van der Hoff
4f3096d866
Add a comment re #1691
2020-09-21 12:34:06 +01:00
Patrick Cloke
c619253db8
Stop sub-classing object ( #8249 )
2020-09-04 06:54:56 -04:00
Richard van der Hoff
de6f892065
Add a comment about SSLv23_METHOD ( #8043 )
2020-08-07 15:14:29 +01:00
Richard van der Hoff
c37db0211e
Share SSL contexts for non-federation requests ( #7094 )
...
Extends #5794 etc to the SimpleHttpClient so that it also applies to non-federation requests.
Fixes #7092 .
2020-03-17 21:32:25 +00:00
Amber Brown
850dcfd2d3
Fix well-known lookups with the federation certificate whitelist ( #5997 )
2019-09-14 04:58:38 +10:00
Erik Johnston
a9bcae9f50
Share SSL options for well-known requests
2019-07-31 10:39:24 +01:00
Amber Brown
be3b901ccd
Update the TLS cipher string and provide configurability for TLS on outgoing federation ( #5550 )
2019-06-28 18:19:09 +10:00
Richard van der Hoff
81b8fdedf2
rename gutwrenched attr
2019-06-10 17:51:11 +01:00
Richard van der Hoff
efe7b3176e
Fix federation connections to literal IP addresses
...
turns out we need a shiny version of service_identity to enforce this
correctly.
2019-06-10 15:58:35 +01:00
Richard van der Hoff
d11c634ced
clean up impl, and import idna directly
2019-06-10 15:55:12 +01:00
Richard van der Hoff
c2b6e945e1
Share an SSL context object between SSL connections
...
This involves changing how the info callbacks work.
2019-06-09 14:01:32 +01:00
Andrew Morgan
6824ddd93d
Config option for verifying federation certificates (MSC 1711) ( #4967 )
2019-04-25 14:22:49 +01:00
Amber Brown
561eebe170
fix to use makeContext so that we don't need to rebuild the certificateoptions each time
2019-02-19 16:18:05 +11:00
Richard van der Hoff
9645728619
Don't create server contexts when TLS is disabled
...
we aren't going to use them anyway.
2019-02-11 21:32:01 +00:00
Richard van der Hoff
97fd29c019
Don't send IP addresses as SNI ( #4452 )
...
The problem here is that we have cut-and-pasted an impl from Twisted, and then
failed to maintain it. It was fixed in Twisted in
https://github.com/twisted/twisted/pull/1047/files ; let's do the same here.
2019-01-24 09:34:44 +00:00
Amber Brown
23b0813599
Require ECDH key exchange & remove dh_params ( #4429 )
...
* remove dh_params and set better cipher string
2019-01-22 21:58:50 +11:00
Amber Brown
8fd93b5eea
Port crypto/ to Python 3 ( #3822 )
2018-09-12 20:16:31 +10:00
Jeroen
2e9c73e8ca
more generic conversion of str/bytes to unicode
2018-08-09 21:31:26 +02:00
Jeroen
64899341dc
include private functions from twisted
2018-08-09 21:04:22 +02:00
Jeroen
d5c0ce4cad
updated docstring for ServerContextFactory
2018-08-08 19:25:01 +02:00
Jeroen
2903e65aff
fix isort
2018-07-29 19:47:08 +02:00
Jeroen
95341a8f6f
take idna implementation from twisted
2018-06-26 21:15:14 +02:00
Jeroen
b7f34ee348
allow self-signed certificates
2018-06-26 20:41:05 +02:00
Jeroen
07b4f88de9
formatting changes for pep8
2018-06-25 12:31:16 +02:00
Jeroen
3d605853c8
send SNI for federation requests
2018-06-24 22:38:43 +02:00
Will Hunt
2ad3fc36e6
Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve ( #3157 )
...
fixes #3135
Signed-off-by: Will Hunt will@half-shot.uk
2018-04-30 16:21:11 +01:00
Richard van der Hoff
eaaabc6c4f
replace 'except:' with 'except Exception:'
...
what could possibly go wrong
2017-10-23 15:52:32 +01:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Matthew Hodgson
fb8d2862c1
remove the tls_certificate_chain_path param and simply support tls_certificate_path pointing to a file containing a chain of certificates
2015-07-09 00:45:41 +01:00
Matthew Hodgson
f26a3df1bf
oops, context.tls_certificate_chain_file() expects a file, not a certificate.
2015-07-08 21:33:02 +01:00
Matthew Hodgson
19fa3731ae
typo
2015-07-08 18:53:41 +01:00
Matthew Hodgson
64afbe6ccd
add new optional config for tls_certificate_chain_path for folks with intermediary SSL certs
2015-07-08 18:20:02 +01:00
Erik Johnston
3ce8540484
Don't look for an TLS private key if we have set --no-tls
2015-03-06 11:34:06 +00:00
Mark Haines
adb04b1e57
Update copyright notices
2015-01-06 13:21:39 +00:00
Mark Haines
7d709542ca
Fix pep8 warnings
2014-10-30 11:10:17 +00:00
Mark Haines
15be181642
Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 doesn't seem to have ECC
2014-10-24 19:27:12 +01:00
Matthew Hodgson
8a7c1d6a00
fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch.
2014-09-03 17:31:57 +01:00
Mark Haines
c6eafdfbaf
Add copyright notices and fix pyflakes errors
2014-09-03 09:43:11 +01:00
Mark Haines
79650f795f
enable ECDHE ciphers
2014-09-01 22:29:44 +01:00
Mark Haines
6200630904
Add server TLS context factory
2014-09-01 17:55:35 +01:00