This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
adopt new Twisted TLS APIs #1691
Labels
T-Enhancement
New features, changes in functionality, improvements in performance, or user-facing enhancements.
Comments
|
FTR: This would also make it easy to implement http2-connections - e.g. server2server |
|
We've updated the client side now, but still subclass ContextFactory for Server-side connections. |
babolivier
pushed a commit
that referenced
this issue
Sep 1, 2021
* commit '4325be1a5': Fix missing null character check on guest_access room state Fixed a bug with reactivating users with the admin API (#8362) Admin API for reported events (#8217) Fix wording of deprecation notice in changelog Deprecation warning for synapse admin api being accessible under /_matrix Create function to check for long names in devices (#8364) Add a comment re #1691 Fix a bad merge from release-v1.20.0. (#8354) Admin API for querying rooms where a user is a member (#8306) Catch-up after Federation Outage (bonus): Catch-up on Synapse Startup (#8322) Simplify super() calls to Python 3 syntax. (#8344) Allow appservice users to /login (#8320) Update test logging to be able to accept braces (#8335) Move lint dependencies to extras_require (#8330)
DMRobertson
added
T-Enhancement
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The code in Synapse uses a subclass of
ssl.ContextFactorywith some manual OpenSSL setup.Twisted will do quite a lot of this for you (more every day!) and can handle several things that it looks like Synapse isn't doing right now, like service identity validation and sending server name indication.
The relevant APIs are:
twisted.internet.interfaces.IOpenSSLClientConnectionCreatorortwisted.internet.interfaces.IOpenSSLServerConnectionCreatorrather than subclassingContextFactoryif you need to do your own thing.optionsForClientTLSfor clients, orCertificateOptions(sorry - horrible class name there, I know) for servers, if the default behavior is good enough.The text was updated successfully, but these errors were encountered: