Add docs for an empty `trusted_key_servers` config option (#13999)

* Add docs for an empty `trusted_key_servers` config option

* small rewording

* Tweak changelog
pull/14328/head
Dirk Klimpel 2022-10-28 14:55:03 +02:00 committed by GitHub
parent aa70556699
commit 44f0d573cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions

1
changelog.d/13999.doc Normal file
View File

@ -0,0 +1 @@
Explain how to disable the use of `trusted_key_servers`.

View File

@ -2681,6 +2681,12 @@ is still supported for backwards-compatibility, but it is deprecated.
warning on start-up. To suppress this warning, set warning on start-up. To suppress this warning, set
`suppress_key_server_warning` to true. `suppress_key_server_warning` to true.
If the use of a trusted key server has to be deactivated, e.g. in a private
federation or for privacy reasons, this can be realised by setting
an empty array (`trusted_key_servers: []`). Then Synapse will request the keys
directly from the server that owns the keys. If Synapse does not get keys directly
from the server, the events of this server will be rejected.
Options for each entry in the list include: Options for each entry in the list include:
* `server_name`: the name of the server. Required. * `server_name`: the name of the server. Required.
* `verify_keys`: an optional map from key id to base64-encoded public key. * `verify_keys`: an optional map from key id to base64-encoded public key.