Remove redundant code to reload tls cert (#10054)
We don't need to reload the TLS cert if we don't have any TLS listeners. Follow-up to #9280.
parent
224f2f949b
commit
fe5dad46b0
|
@ -0,0 +1 @@
|
||||||
|
Remove some dead code regarding TLS certificate handling.
|
|
@ -261,13 +261,10 @@ def refresh_certificate(hs):
|
||||||
Refresh the TLS certificates that Synapse is using by re-reading them from
|
Refresh the TLS certificates that Synapse is using by re-reading them from
|
||||||
disk and updating the TLS context factories to use them.
|
disk and updating the TLS context factories to use them.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not hs.config.has_tls_listener():
|
if not hs.config.has_tls_listener():
|
||||||
# attempt to reload the certs for the good of the tls_fingerprints
|
|
||||||
hs.config.read_certificate_from_disk(require_cert_and_key=False)
|
|
||||||
return
|
return
|
||||||
|
|
||||||
hs.config.read_certificate_from_disk(require_cert_and_key=True)
|
hs.config.read_certificate_from_disk()
|
||||||
hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)
|
hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)
|
||||||
|
|
||||||
if hs._listening_services:
|
if hs._listening_services:
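Review bot: The docstring of `refresh_certificate` still describes an unconditional re-read, but the new code returns without touching the certificate when `hs.config.has_tls_listener()` is false. I would add a line to the docstring such as `Does nothing if no TLS listeners are configured.` so that someone rotating certificate files does not expect this call to pick them up in that configuration. The function body continues past the end of this hunk, so how a failed `read_certificate_from_disk()` is handled during a refresh cannot be judged from here.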
|
||||||
|
|
|
@ -215,28 +215,12 @@ class TlsConfig(Config):
|
||||||
days_remaining = (expires_on - now).days
|
days_remaining = (expires_on - now).days
|
||||||
return days_remaining
|
return days_remaining
|
||||||
|
|
||||||
def read_certificate_from_disk(self, require_cert_and_key: bool):
|
def read_certificate_from_disk(self):
|
||||||
"""
|
"""
|
||||||
Read the certificates and private key from disk.
|
Read the certificates and private key from disk.
|
||||||
|
|
||||||
Args:
|
|
||||||
require_cert_and_key: set to True to throw an error if the certificate
|
|
||||||
and key file are not given
|
|
||||||
"""
|
"""
|
||||||
if require_cert_and_key:
|
|
||||||
self.tls_private_key = self.read_tls_private_key()
|
self.tls_private_key = self.read_tls_private_key()
|
||||||
self.tls_certificate = self.read_tls_certificate()
|
self.tls_certificate = self.read_tls_certificate()
|
||||||
elif self.tls_certificate_file:
|
|
||||||
# we only need the certificate for the tls_fingerprints. Reload it if we
|
|
||||||
# can, but it's not a fatal error if we can't.
|
|
||||||
try:
|
|
||||||
self.tls_certificate = self.read_tls_certificate()
|
|
||||||
except Exception as e:
|
|
||||||
logger.info(
|
|
||||||
"Unable to read TLS certificate (%s). Ignoring as no "
|
|
||||||
"tls listeners enabled.",
|
|
||||||
e,
|
|
||||||
)
|
|
||||||
|
|
||||||
def generate_config_section(
|
def generate_config_section(
|
||||||
self,
|
self,
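Review bot: In the new `read_certificate_from_disk`, `self.tls_private_key` is assigned before `read_tls_certificate()` runs, so a failure while reading the certificate leaves the config holding the new key next to the previous certificate. The removed branch wrapped `read_tls_certificate()` in `try/except`, which suggests it can raise. Reading both into locals and assigning together keeps the pair consistent: `key = self.read_tls_private_key()`, `cert = self.read_tls_certificate()`, `self.tls_private_key, self.tls_certificate = key, cert`. The docstring could also state that both files are now always required and that a read error propagates to the caller.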
|
||||||
|
|
|
@ -74,12 +74,11 @@ s4niecZKPBizL6aucT59CsunNmmb5Glq8rlAcU+1ZTZZzGYqVYhF6axB9Qg=
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
"tls_certificate_path": os.path.join(config_dir, "cert.pem"),
|
"tls_certificate_path": os.path.join(config_dir, "cert.pem"),
|
||||||
"tls_fingerprints": [],
|
|
||||||
}
|
}
|
||||||
|
|
||||||
t = TestConfig()
|
t = TestConfig()
|
||||||
t.read_config(config, config_dir_path="", data_dir_path="")
|
t.read_config(config, config_dir_path="", data_dir_path="")
|
||||||
t.read_certificate_from_disk(require_cert_and_key=False)
|
t.read_tls_certificate()
|
||||||
|
|
||||||
warnings = self.flushWarnings()
|
warnings = self.flushWarnings()
|
||||||
self.assertEqual(len(warnings), 1)
|
self.assertEqual(len(warnings), 1)
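Review bot: The test now calls `t.read_tls_certificate()` directly, so nothing in this hunk exercises `read_certificate_from_disk()` after its signature change. That method now always loads the private key as well, and the config built here sets only `tls_certificate_path`. A separate test that calls `read_certificate_from_disk()` with the key path unset and asserts the resulting error would pin the new behaviour, though one may already exist elsewhere in the test file. The test method starts before this hunk.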
|
||||||
|
|