Richard van der Hoff
c5b0e9f485
Turn _start_key_lookups into an inlineCallbacks function
...
... which means that logcontexts can be correctly preserved for the stuff it
does.
get_server_verify_keys is now called with the logcontext, so needs to
preserve_fn when it fires off its nested inlineCallbacks function.
Also renames get_server_verify_keys to reflect the fact it's meant to be
private.
2017-09-20 01:32:42 +01:00
Richard van der Hoff
abdefb8a01
Fix potential race in _start_key_lookups
...
If the verify_request.deferred has already completed, then `remove_deferreds`
will be called immediately. It therefore might resolve the server_to_deferred
deferred while there are still other requests for that server in flight.
To avoid that, we should build the complete list of requests, and *then* add the
callbacks.
2017-09-20 01:32:42 +01:00
Richard van der Hoff
afbd773dc6
Add some comments to _start_key_lookups
2017-09-20 01:32:42 +01:00
Richard van der Hoff
2a4b9ea233
Consistency for how verify_request.deferred is called
...
Define that it is run with no log context, and make sure that happens.
If we aren't careful to reset the logcontext, we can't bung the deferreds into
defer.gatherResults etc. We don't actually do that directly, but we *do*
resolve other deferreds from affected callbacks (notably the server_to_deferred
map in _start_key_lookups), and those *do* get passed into
defer.gatherResults. It turns out that this way ends up being least confusing.
2017-09-20 01:32:42 +01:00
Richard van der Hoff
3b98439eca
Factor out _start_key_lookups
...
... to make it easier to see what's going on.
2017-09-20 01:32:42 +01:00
Richard van der Hoff
fde63b880d
Replace server_and_json
with verify_requests
...
This is a precursor to factoring some of this code out.
2017-09-20 01:32:42 +01:00
Richard van der Hoff
2d511defd9
pull out handle_key_deferred to top level
...
There's no need for this to be a nested definition; pulling it out not only
makes it more efficient, but makes it easier to check that it's not accessing
any local variables it shouldn't be.
2017-09-20 01:32:42 +01:00
Richard van der Hoff
dd1ea9763a
Fix incorrect key_ids in error message
2017-09-20 01:32:42 +01:00
Richard van der Hoff
9864efa532
Fix concurrent server_key requests ( #2458 )
...
Fix a bug where we could end up firing off multiple requests for server_keys
for the same server at the same time.
2017-09-19 23:25:44 +01:00
Richard van der Hoff
290777b3d9
Clean up and document handling of logcontexts in Keyring ( #2452 )
...
I'm still unclear on what the intended behaviour for
`verify_json_objects_for_server` is, but at least I now understand the
behaviour of most of the things it calls...
2017-09-18 18:31:01 +01:00
Richard van der Hoff
9397edb28b
Merge pull request #2050 from matrix-org/rav/federation_backoff
...
push federation retry limiter down to matrixfederationclient
2017-03-23 22:27:01 +00:00
Richard van der Hoff
4bd597d9fc
push federation retry limiter down to matrixfederationclient
...
rather than having to instrument everywhere we make a federation call,
make the MatrixFederationHttpClient manage the retry limiter.
2017-03-23 09:28:46 +00:00
Richard van der Hoff
64778693be
fix up some key verif docstrings
2017-03-21 13:27:50 +00:00
Richard van der Hoff
c36d15d2de
Add some debug to help diagnose weird federation issue
2017-03-20 15:36:14 +00:00
Erik Johnston
9219139351
Preserve some logcontexts
2016-08-24 11:58:40 +01:00
Erik Johnston
04fc8bbcb0
Update keyring Measure
2016-08-19 18:23:44 +01:00
Erik Johnston
2426c2f21a
Measure keyrings
2016-08-19 18:23:44 +01:00
Erik Johnston
fa1ce4d8ad
Don't print stack traces when failing to get remote keys
2016-08-10 10:44:37 +01:00
Erik Johnston
a285194021
Merge branch 'erikj/key_client_fix' of github.com:matrix-org/synapse into release-v0.17.0
2016-07-28 10:47:06 +01:00
Mark Haines
29b25d59c6
Merge branch 'develop' into markjh/verify
...
Conflicts:
synapse/crypto/keyring.py
2016-07-27 15:11:02 +01:00
Mark Haines
884b800899
Merge pull request #955 from matrix-org/markjh/only_from2
...
Add a couple more checks to the keyring
2016-07-27 15:08:22 +01:00
Mark Haines
fe1b369946
Clean up verify_json_objects_for_server
2016-07-27 14:10:43 +01:00
Mark Haines
a4b06b619c
Add a couple more checks to the keyring
2016-07-26 19:50:11 +01:00
Mark Haines
87ffd21b29
Fix a couple of bugs in the transaction and keyring code
2016-07-26 19:19:08 +01:00
Erik Johnston
d26b660aa6
Cache getPeer
2016-07-21 17:38:51 +01:00
Erik Johnston
cf94a78872
Set host not path
2016-07-21 11:45:53 +01:00
Erik Johnston
081e5d55e6
Send the correct host header when fetching keys
2016-07-21 11:14:54 +01:00
David Baker
f28643cea9
Uncommit accidentally commited edit to cipher list
2016-05-10 18:44:32 +02:00
David Baker
d46b18a00f
Pass through _get_event_txn
2016-05-10 18:27:06 +02:00
Erik Johnston
2e2be463f8
Make key client send a Host header
2016-03-11 10:29:05 +00:00
Erik Johnston
2c1fbea531
Fix up logcontexts
2016-02-08 14:26:45 +00:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Paul "LeoNerd" Evans
a6ba41e078
Actually look up required remote server key IDs
...
set.union() is a side-effect-free function that returns the union of two
sets. This clearly wanted .update(), which is the side-effecting mutator
version.
2015-12-18 21:36:42 +00:00
Erik Johnston
0eabfa55f6
Fix typo
2015-11-20 17:17:58 +00:00
Erik Johnston
6408541075
Don't limit connections to perspective servers
2015-11-20 17:15:44 +00:00
Erik Johnston
ffe8cf7e59
Fix bug where we sometimes didn't fetch all the keys requested for a
...
server.
2015-09-17 10:21:32 +01:00
Daniel Wagner-Hall
2c8f16257a
Merge pull request #272 from matrix-org/daniel/insecureclient
...
Allow configuration to ignore invalid SSL certs
2015-09-15 16:52:38 +01:00
Erik Johnston
dd0867f5ba
Various bug fixes to crypto.keyring
2015-09-09 17:02:39 +01:00
Daniel Wagner-Hall
81a93ddcc8
Allow configuration to ignore invalid SSL certs
...
This will be useful for sytest, and sytest only, hence the aggressive
config key name.
2015-09-09 12:02:07 +01:00
Mark Haines
78323ccdb3
Remove syutil dependency in favour of smaller single-purpose libraries
2015-08-24 16:17:38 +01:00
Erik Johnston
0b3389bcd2
Merge pull request #194 from matrix-org/erikj/bulk_verify_sigs
...
Implement bulk verify_signed_json API
2015-07-10 13:46:53 +01:00
Matthew Hodgson
fb8d2862c1
remove the tls_certificate_chain_path param and simply support tls_certificate_path pointing to a file containing a chain of certificates
2015-07-09 00:45:41 +01:00
Matthew Hodgson
f26a3df1bf
oops, context.tls_certificate_chain_file() expects a file, not a certificate.
2015-07-08 21:33:02 +01:00
Matthew Hodgson
19fa3731ae
typo
2015-07-08 18:53:41 +01:00
Matthew Hodgson
64afbe6ccd
add new optional config for tls_certificate_chain_path for folks with intermediary SSL certs
2015-07-08 18:20:02 +01:00
Erik Johnston
f0dd568e16
Wait for previous attempts at fetching keys for a given server before trying to fetch more
2015-06-26 11:25:00 +01:00
Erik Johnston
b5f55a1d85
Implement bulk verify_signed_json API
2015-06-26 10:39:34 +01:00
Erik Johnston
291cba284b
Handle the case when things return empty but non none things
2015-05-19 14:42:46 +01:00
Erik Johnston
253f76a0a5
Don't always hit get_server_verify_key_v1_direct
2015-05-19 14:42:38 +01:00
Erik Johnston
d3e09f12d0
SYN-383: Actually, we expect this value to be a dict
2015-05-19 13:12:41 +01:00