Remove redundant code to reload tls cert (#10054)

we don't need to reload the tls cert if we don't have any tls listeners. Follow-up to #9280.
2021-05-27 10:34:24 +01:00 · 2021-05-27 10:34:24 +01:00 · fe5dad46b0
parent 224f2f949b
commit fe5dad46b0
4 changed files with 6 additions and 25 deletions
--- a/changelog.d/10054.misc
+++ b/changelog.d/10054.misc
@ -0,0 +1 @@
+Remove some dead code regarding TLS certificate handling.
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@ -261,13 +261,10 @@ def refresh_certificate(hs):
    Refresh the TLS certificates that Synapse is using by re-reading them from
    disk and updating the TLS context factories to use them.
    """
-
    if not hs.config.has_tls_listener():
-        # attempt to reload the certs for the good of the tls_fingerprints
-        hs.config.read_certificate_from_disk(require_cert_and_key=False)
        return

-    hs.config.read_certificate_from_disk(require_cert_and_key=True)
+    hs.config.read_certificate_from_disk()
    hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)

    if hs._listening_services:
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@ -215,28 +215,12 @@ class TlsConfig(Config):
        days_remaining = (expires_on - now).days
        return days_remaining

-    def read_certificate_from_disk(self, require_cert_and_key: bool):
+    def read_certificate_from_disk(self):
        """
        Read the certificates and private key from disk.
-
-        Args:
-            require_cert_and_key: set to True to throw an error if the certificate
-                and key file are not given
        """
-        if require_cert_and_key:
-            self.tls_private_key = self.read_tls_private_key()
-            self.tls_certificate = self.read_tls_certificate()
-        elif self.tls_certificate_file:
-            # we only need the certificate for the tls_fingerprints. Reload it if we
-            # can, but it's not a fatal error if we can't.
-            try:
-                self.tls_certificate = self.read_tls_certificate()
-            except Exception as e:
-                logger.info(
-                    "Unable to read TLS certificate (%s). Ignoring as no "
-                    "tls listeners enabled.",
-                    e,
-                )
+        self.tls_private_key = self.read_tls_private_key()
+        self.tls_certificate = self.read_tls_certificate()

    def generate_config_section(
        self,
--- a/tests/config/test_tls.py
+++ b/tests/config/test_tls.py
@ -74,12 +74,11 @@ s4niecZKPBizL6aucT59CsunNmmb5Glq8rlAcU+1ZTZZzGYqVYhF6axB9Qg=

        config = {
            "tls_certificate_path": os.path.join(config_dir, "cert.pem"),
-            "tls_fingerprints": [],
        }

        t = TestConfig()
        t.read_config(config, config_dir_path="", data_dir_path="")
-        t.read_certificate_from_disk(require_cert_and_key=False)
+        t.read_tls_certificate()

        warnings = self.flushWarnings()
        self.assertEqual(len(warnings), 1)
				`@ -0,0 +1 @@`
				`Remove some dead code regarding TLS certificate handling.`