Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Remove support for ACME v1 #10194

Merged
merged 7 commits into from
Jun 17, 2021
Merged

Remove support for ACME v1 #10194

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
78abc4a
Remove ACME support from Synapse
babolivier Jun 17, 2021
ea34810
Changelog
babolivier Jun 17, 2021
de29935
Lint
babolivier Jun 17, 2021
efc95d6
Remove self-signed cert warning
babolivier Jun 17, 2021
69de5c9
Lint
babolivier Jun 17, 2021
5315bf2
Update docstring
babolivier Jun 17, 2021
eefd270
Merge branch 'develop' into babolivier/bye_bye_acme
babolivier Jun 17, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 0 additions & 6 deletions synapse/config/tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -299,12 +299,6 @@ def read_tls_certificate(self) -> crypto.X509:
cert_pem = self.read_file(cert_path, "tls_certificate_path")
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)

# Check if it is self-signed, and issue a warning if so.
babolivier marked this conversation as resolved.
Show resolved Hide resolved
if cert.get_issuer() == cert.get_subject():
warnings.warn(
"Self-signed TLS certificates will not be accepted by Synapse 1.0."
)

return cert

def read_tls_private_key(self) -> crypto.PKey:
Expand Down
48 changes: 0 additions & 48 deletions tests/config/test_tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,54 +38,6 @@ class TestConfig(RootConfig):


class TLSConfigTests(TestCase):
def test_warn_self_signed(self):
"""
Synapse will give a warning when it loads a self-signed certificate.
"""
config_dir = self.mktemp()
os.mkdir(config_dir)
with open(os.path.join(config_dir, "cert.pem"), "w") as f:
f.write(
"""-----BEGIN CERTIFICATE-----
MIID6DCCAtACAws9CjANBgkqhkiG9w0BAQUFADCBtzELMAkGA1UEBhMCVFIxDzAN
BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExEjAQBgNVBAMMCWxv
Y2FsaG9zdDEcMBoGA1UECgwTVHdpc3RlZCBNYXRyaXggTGFiczEkMCIGA1UECwwb
QXV0b21hdGVkIFRlc3RpbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzZWN1
cml0eUB0d2lzdGVkbWF0cml4LmNvbTAgFw0xNzA3MTIxNDAxNTNaGA8yMTE3MDYx
ODE0MDE1M1owgbcxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0xFDASBgNV
BAcMC0JhxZ9tYWvDp8SxMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgNVBAoME1R3
aXN0ZWQgTWF0cml4IExhYnMxJDAiBgNVBAsMG0F1dG9tYXRlZCBUZXN0aW5nIEF1
dGhvcml0eTEpMCcGCSqGSIb3DQEJARYac2VjdXJpdHlAdHdpc3RlZG1hdHJpeC5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwT6kbqtMUI0sMkx4h
I+L780dA59KfksZCqJGmOsMD6hte9EguasfkZzvCF3dk3NhwCjFSOvKx6rCwiteo
WtYkVfo+rSuVNmt7bEsOUDtuTcaxTzIFB+yHOYwAaoz3zQkyVW0c4pzioiLCGCmf
FLdiDBQGGp74tb+7a0V6kC3vMLFoM3L6QWq5uYRB5+xLzlPJ734ltyvfZHL3Us6p
cUbK+3WTWvb4ER0W2RqArAj6Bc/ERQKIAPFEiZi9bIYTwvBH27OKHRz+KoY/G8zY
+l+WZoJqDhupRAQAuh7O7V/y6bSP+KNxJRie9QkZvw1PSaGSXtGJI3WWdO12/Ulg
epJpAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAJXEq5P9xwvP9aDkXIqzcD0L8sf8
ewlhlxTQdeqt2Nace0Yk18lIo2oj1t86Y8jNbpAnZJeI813Rr5M7FbHCXoRc/SZG
I8OtG1xGwcok53lyDuuUUDexnK4O5BkjKiVlNPg4HPim5Kuj2hRNFfNt/F2BVIlj
iZupikC5MT1LQaRwidkSNxCku1TfAyueiBwhLnFwTmIGNnhuDCutEVAD9kFmcJN2
SznugAcPk4doX2+rL+ila+ThqgPzIkwTUHtnmjI0TI6xsDUlXz5S3UyudrE2Qsfz
s4niecZKPBizL6aucT59CsunNmmb5Glq8rlAcU+1ZTZZzGYqVYhF6axB9Qg=
-----END CERTIFICATE-----"""
)

config = {
"tls_certificate_path": os.path.join(config_dir, "cert.pem"),
}

t = TestConfig()
t.read_config(config, config_dir_path="", data_dir_path="")
t.read_tls_certificate()

warnings = self.flushWarnings()
self.assertEqual(len(warnings), 1)
self.assertEqual(
warnings[0]["message"],
"Self-signed TLS certificates will not be accepted by Synapse 1.0.",
)

def test_tls_client_minimum_default(self):
"""
The default client TLS version is 1.0.
Expand Down