Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Infer no_tls from presence of TLS listeners #4613

Merged
merged 7 commits into from
Feb 12, 2019
Merged

Infer no_tls from presence of TLS listeners #4613

merged 7 commits into from
Feb 12, 2019

Conversation

richvdh
Copy link
Member

@richvdh richvdh commented Feb 11, 2019
edited
Loading

Rather than have to specify no_tls explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.

Based on #4615, #4616, #4617

@richvdh richvdh mentioned this pull request Feb 11, 2019
Merged
@richvdh richvdh requested a review from a team February 11, 2019 18:09
@richvdh
Logging improvements around TLS certs
086f6f2 
Log which file we're reading keys and certs from, and refactor the code a bit
in preparation for other work
@richvdh richvdh force-pushed the rav/deprecate_no_tls branch from 1242963 to 2785cac Compare February 11, 2019 21:07
@richvdh richvdh removed the request for review from a team February 11, 2019 21:07
@richvdh
Fail cleanly if listener config lacks a 'port'
2129dd1 
... otherwise we would fail with a mysterious KeyError or something later.
@richvdh
Merge branch 'rav/tls_config_logging_fixes' into rav/tls_cert/work
be794c7
@richvdh
Don't create server contexts when TLS is disabled
9645728 
we aren't going to use them anyway.
@richvdh
Merge branch 'rav/no_create_server_contexts_if_no_tls' into rav/tls_c…
15272f8 
…ert/work
@richvdh
Infer no_tls from presence of TLS listeners
4fddf8f 
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
@richvdh richvdh force-pushed the rav/deprecate_no_tls branch from 2785cac to 4fddf8f Compare February 11, 2019 21:40
@codecov-io
Copy link

codecov-io commented Feb 11, 2019
edited
Loading

Codecov Report

Merging #4613 into develop will decrease coverage by <.01%.
The diff coverage is 62.85%.

@@             Coverage Diff             @@
##           develop    #4613      +/-   ##
===========================================
- Coverage    75.31%   75.31%   -0.01%     
===========================================
  Files          338      338              
  Lines        34540    34552      +12     
  Branches      5643     5647       +4     
===========================================
+ Hits         26013    26022       +9     
- Misses        6941     6943       +2     
- Partials      1586     1587       +1

@richvdh richvdh mentioned this pull request Feb 11, 2019
Merged
@richvdh richvdh requested a review from a team February 11, 2019 22:11
richvdh added a commit that referenced this pull request Feb 11, 2019
@richvdh
Remove redundant entries from docker config
91f8cd3 
* no_tls is now redundant (#4613)
* we don't need a dummy cert any more (#4618)
@richvdh richvdh mentioned this pull request Feb 11, 2019
Merged
@erikjohnston erikjohnston merged commit 8a2e316 into develop Feb 12, 2019
richvdh added a commit that referenced this pull request Feb 14, 2019
@richvdh
Merge tag 'v0.99.1'
00cf679 
Synapse 0.99.1 (2019-02-14)
===========================

Features
--------

- Include m.room.encryption on invites by default ([\#3902](#3902))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](#4420))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](#4522))
- Add ability to update backup versions ([\#4580](#4580))
- Allow the "unavailable" presence status for /sync.
  This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](#4592))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](#4613), [\#4615](#4615), [\#4617](#4617), [\#4636](#4636))
- The default configuration no longer requires TLS certificates. ([\#4614](#4614))

Bugfixes
--------

- Copy over room federation ability on room upgrade. ([\#4530](#4530))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](#4546))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](#4589))
- Fix 'no unique or exclusion constraint' error ([\#4591](#4591))
- Transfer Server ACLs on room upgrade. ([\#4608](#4608))
- Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](#4618))
- Fix self-signed cert notice from generate-config. ([\#4625](#4625))
- Fix performance of `user_ips` table deduplication background update ([\#4626](#4626), [\#4627](#4627))

Internal Changes
----------------

- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](#4462))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](#4513))
- Reduce duplication of ``synapse.app`` code. ([\#4567](#4567))
- Fix docker upload job to push -py2 images. ([\#4576](#4576))
- Add port configuration information to ACME instructions. ([\#4578](#4578))
- Update MSC1711 FAQ to calrify .well-known usage ([\#4584](#4584))
- Clean up default listener configuration ([\#4586](#4586))
- Clarifications for reverse proxy docs ([\#4607](#4607))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](#4611))
- Fail cleanly if listener config lacks a 'port' ([\#4616](#4616))
- Remove redundant entries from docker config ([\#4619](#4619))
- README updates ([\#4621](#4621))
@richvdh richvdh deleted the rav/deprecate_no_tls branch February 20, 2019 11:54
@realtyem realtyem mentioned this pull request Mar 30, 2023
Merged
4 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@erikjohnston erikjohnston erikjohnston approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@richvdh @codecov-io @erikjohnston