Erik Johnston
|
6408541075
|
Don't limit connections to perspective servers
|
2015-11-20 17:15:44 +00:00 |
Erik Johnston
|
ffe8cf7e59
|
Fix bug where we sometimes didn't fetch all the keys requested for a
server.
|
2015-09-17 10:21:32 +01:00 |
Daniel Wagner-Hall
|
2c8f16257a
|
Merge pull request #272 from matrix-org/daniel/insecureclient
Allow configuration to ignore invalid SSL certs
|
2015-09-15 16:52:38 +01:00 |
Erik Johnston
|
dd0867f5ba
|
Various bug fixes to crypto.keyring
|
2015-09-09 17:02:39 +01:00 |
Daniel Wagner-Hall
|
81a93ddcc8
|
Allow configuration to ignore invalid SSL certs
This will be useful for sytest, and sytest only, hence the aggressive
config key name.
|
2015-09-09 12:02:07 +01:00 |
Mark Haines
|
78323ccdb3
|
Remove syutil dependency in favour of smaller single-purpose libraries
|
2015-08-24 16:17:38 +01:00 |
Erik Johnston
|
0b3389bcd2
|
Merge pull request #194 from matrix-org/erikj/bulk_verify_sigs
Implement bulk verify_signed_json API
|
2015-07-10 13:46:53 +01:00 |
Matthew Hodgson
|
fb8d2862c1
|
remove the tls_certificate_chain_path param and simply support tls_certificate_path pointing to a file containing a chain of certificates
|
2015-07-09 00:45:41 +01:00 |
Matthew Hodgson
|
f26a3df1bf
|
oops, context.tls_certificate_chain_file() expects a file, not a certificate.
|
2015-07-08 21:33:02 +01:00 |
Matthew Hodgson
|
19fa3731ae
|
typo
|
2015-07-08 18:53:41 +01:00 |
Matthew Hodgson
|
64afbe6ccd
|
add new optional config for tls_certificate_chain_path for folks with intermediary SSL certs
|
2015-07-08 18:20:02 +01:00 |
Erik Johnston
|
f0dd568e16
|
Wait for previous attempts at fetching keys for a given server before trying to fetch more
|
2015-06-26 11:25:00 +01:00 |
Erik Johnston
|
b5f55a1d85
|
Implement bulk verify_signed_json API
|
2015-06-26 10:39:34 +01:00 |
Erik Johnston
|
291cba284b
|
Handle the case when things return empty but non none things
|
2015-05-19 14:42:46 +01:00 |
Erik Johnston
|
253f76a0a5
|
Don't always hit get_server_verify_key_v1_direct
|
2015-05-19 14:42:38 +01:00 |
Erik Johnston
|
d3e09f12d0
|
SYN-383: Actually, we expect this value to be a dict
|
2015-05-19 13:12:41 +01:00 |
Erik Johnston
|
2b7120e233
|
SYN-383: Handle the fact the server might not have signed things
|
2015-05-19 12:49:38 +01:00 |
Erik Johnston
|
8b256a7296
|
Don't reuse var names
|
2015-05-19 11:58:22 +01:00 |
Erik Johnston
|
2aeee2a905
|
SYN-383: Fix parsing of verify_keys and catching of _DefGen_Return
|
2015-05-19 11:56:18 +01:00 |
Mark Haines
|
c6a03c46e6
|
SYN-383: Extract the response list from 'server_keys' in the response JSON as it might work better than iterating over the top level dict
|
2015-05-19 10:23:02 +01:00 |
Mark Haines
|
ec07dba29e
|
Merge pull request #143 from matrix-org/erikj/SYN-375
SYN-375 - Lots of unhandled deferred exceptions.
|
2015-05-12 15:25:54 +01:00 |
Erik Johnston
|
476899295f
|
Change the way we do logging contexts so that they survive divergences
|
2015-05-08 16:32:18 +01:00 |
Erik Johnston
|
fca28d243e
|
Change the way we create observers to deferreds so that we don't get spammed by 'unhandled errors'
|
2015-05-08 16:28:08 +01:00 |
Mark Haines
|
1319905d7a
|
Use a defer.gatherResults to collect results from the perspective servers
|
2015-04-29 13:31:14 +01:00 |
Mark Haines
|
74874ffda7
|
Update the query format used by keyring to match current key v2 spec
|
2015-04-29 12:14:08 +01:00 |
Mark Haines
|
46d200a3a1
|
Implement minimum_valid_until_ts in the remote key resource
|
2015-04-29 11:57:26 +01:00 |
Mark Haines
|
f8b865264a
|
Merge branch 'develop' into key_distribution
Conflicts:
synapse/crypto/keyring.py
|
2015-04-27 18:29:32 +01:00 |
Erik Johnston
|
2c70849dc3
|
Fix newlines
|
2015-04-27 14:38:29 +01:00 |
Erik Johnston
|
0a016b0525
|
Pull inner function out.
|
2015-04-27 14:37:24 +01:00 |
Erik Johnston
|
e701aec2d1
|
Implement locks using create_observer for fetching media and server keys
|
2015-04-27 14:20:26 +01:00 |
Mark Haines
|
288702170d
|
Add config for setting the perspective servers
|
2015-04-24 17:01:34 +01:00 |
Mark Haines
|
4bbf7156ef
|
Update to match the specification for key/v2
|
2015-04-23 16:39:13 +01:00 |
Mark Haines
|
f30d47c876
|
Implement remote key lookup api
|
2015-04-22 14:21:08 +01:00 |
Mark Haines
|
2f9157b427
|
Implement v2 key lookup
|
2015-04-20 16:23:47 +01:00 |
Mark Haines
|
8d761134c2
|
Fail quicker for 4xx responses in the key client, optional hit a different API path
|
2015-04-15 16:57:58 +01:00 |
Erik Johnston
|
3ce8540484
|
Don't look for an TLS private key if we have set --no-tls
|
2015-03-06 11:34:06 +00:00 |
Erik Johnston
|
5b5c7a28d6
|
Log error message when we fail to fetch remote server keys
|
2015-03-05 17:09:13 +00:00 |
Erik Johnston
|
9371019133
|
Try to only back off if we think we failed to connect to the remote
|
2015-02-17 18:13:34 +00:00 |
Erik Johnston
|
2b8f1a956c
|
Add per server retry limiting.
Factor out the pre destination retry logic from TransactionQueue so it
can be reused in both get_pdu and crypto.keyring
|
2015-02-17 17:20:56 +00:00 |
Erik Johnston
|
5025305fb2
|
Rate limit retries when fetching server keys.
|
2015-02-17 15:57:42 +00:00 |
Erik Johnston
|
4ebbaf0d43
|
Blunty replace json with simplejson
|
2015-02-11 14:23:10 +00:00 |
Mark Haines
|
84a769cdb7
|
Fix code-style
|
2015-02-10 17:58:36 +00:00 |
Erik Johnston
|
823999716e
|
Fix bug in timeout handling in keyclient
|
2015-01-30 11:08:01 +00:00 |
Mark Haines
|
adb04b1e57
|
Update copyright notices
|
2015-01-06 13:21:39 +00:00 |
Erik Johnston
|
95aa903ffa
|
Try and figure out how and why signatures are being changed.
|
2014-12-10 11:37:47 +00:00 |
Erik Johnston
|
609c31e8df
|
More bug fixes
|
2014-12-08 17:50:56 +00:00 |
Erik Johnston
|
c31dba86ec
|
Convert rest and handlers to use new event structure
|
2014-12-04 15:50:01 +00:00 |
Erik Johnston
|
75b4329aaa
|
WIP for new way of managing events.
|
2014-12-03 16:07:21 +00:00 |
David Baker
|
f1c7f8e813
|
Merge branch 'develop' into http_client_refactor
|
2014-11-20 17:49:48 +00:00 |
David Baker
|
e377d33652
|
Separate out the matrix http client completely because just about all of its code it now separate from the simple case we need for standard HTTP(S)
|
2014-11-20 17:41:56 +00:00 |
Mark Haines
|
dfdda2c871
|
Use module loggers rather than the root logger. Exceptions caused by bad clients shouldn't cause ERROR level logging. Fix sql logging to use 'repr' rather than 'str'
|
2014-11-20 17:10:37 +00:00 |
Mark Haines
|
32090aee16
|
Add a few missing yields, Move deferred lists inside PreserveLoggingContext because they don't interact well with the logging contexts
|
2014-11-20 16:24:00 +00:00 |
Mark Haines
|
cb4b6c844a
|
Merge PDUs and Events into one object
|
2014-11-14 21:25:02 +00:00 |
Mark Haines
|
8c2b5ea7c4
|
Fix PDU and event signatures
|
2014-11-14 19:11:04 +00:00 |
Mark Haines
|
de1ec90133
|
Validate signatures on incoming events
|
2014-11-14 19:11:04 +00:00 |
Mark Haines
|
e903c941cb
|
Merge branch 'develop' into request_logging
Conflicts:
setup.py
synapse/storage/_base.py
synapse/util/async.py
|
2014-11-14 11:16:50 +00:00 |
Erik Johnston
|
6cb6cb9e69
|
Tidy up some of the unused sql tables
|
2014-11-10 10:31:00 +00:00 |
Erik Johnston
|
1c06806f90
|
Finish redaction algorithm.
|
2014-11-10 10:21:32 +00:00 |
Erik Johnston
|
97a096b507
|
Add hash of current state to events
|
2014-11-07 11:37:06 +00:00 |
Erik Johnston
|
68698e0ac8
|
Fix bugs in generating event signatures and hashing
|
2014-11-03 17:51:42 +00:00 |
Erik Johnston
|
82a6b83524
|
Don't assume event has hashes key already
|
2014-11-03 11:32:12 +00:00 |
Erik Johnston
|
ecabff7eb4
|
Sign evnets
|
2014-10-31 17:08:52 +00:00 |
Erik Johnston
|
d30d79b5be
|
Make prev_event signing work again.
|
2014-10-31 15:35:39 +00:00 |
Erik Johnston
|
ef9c4476a0
|
Merge branch 'develop' of github.com:matrix-org/synapse into federation_authorization
|
2014-10-30 11:18:28 +00:00 |
Mark Haines
|
7c06399512
|
Merge branch 'develop' into request_logging
Conflicts:
synapse/config/logger.py
|
2014-10-30 11:13:58 +00:00 |
Mark Haines
|
7d709542ca
|
Fix pep8 warnings
|
2014-10-30 11:10:17 +00:00 |
Mark Haines
|
b29517bd01
|
Add a request-id to each log line
|
2014-10-30 01:21:33 +00:00 |
Mark Haines
|
5e2236f9ff
|
fix pyflakes warnings
|
2014-10-27 11:19:15 +00:00 |
Mark Haines
|
acb2d171e8
|
Merge branch 'develop' into event_signing
|
2014-10-27 11:14:11 +00:00 |
Mark Haines
|
d56e389a95
|
Fix pyflakes warnings
|
2014-10-27 10:33:17 +00:00 |
Mark Haines
|
15be181642
|
Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 doesn't seem to have ECC
|
2014-10-24 19:27:12 +01:00 |
Mark Haines
|
3187b5ba2d
|
add log line for checking verifying signatures
|
2014-10-17 20:56:21 +01:00 |
Mark Haines
|
8afbece683
|
Remove signatures from pdu when computing hashes to use for prev pdus, make sure is_state is a boolean.
|
2014-10-17 19:41:32 +01:00 |
Mark Haines
|
c5cec1cc77
|
Rename 'meta' to 'unsigned'
|
2014-10-17 16:50:04 +01:00 |
Mark Haines
|
c8f996e29f
|
Hash the same content covered by the signature when referencing previous PDUs rather than reusing the PDU content hashes
|
2014-10-17 11:40:35 +01:00 |
Mark Haines
|
66104da10c
|
Sign outgoing PDUs.
|
2014-10-16 00:09:48 +01:00 |
Mark Haines
|
1c445f88f6
|
persist hashes and origin signatures for PDUs
|
2014-10-15 17:09:04 +01:00 |
Mark Haines
|
34034af1c9
|
Better response message when signature is missing or unsupported
|
2014-10-13 16:47:23 +01:00 |
Mark Haines
|
07639c79d9
|
Respond with more helpful error messages for unsigned requests
|
2014-10-13 16:39:15 +01:00 |
Mark Haines
|
b95a178584
|
SYN-75 Verify signatures on server to server transactions
|
2014-09-30 15:15:10 +01:00 |
Mark Haines
|
e3117a2a23
|
Add a _matrix/key/v1 resource with the verification keys of the local server
|
2014-09-23 18:43:34 +01:00 |
Matthew Hodgson
|
8a7c1d6a00
|
fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch.
|
2014-09-03 17:31:57 +01:00 |
Mark Haines
|
c6eafdfbaf
|
Add copyright notices and fix pyflakes errors
|
2014-09-03 09:43:11 +01:00 |
Mark Haines
|
79650f795f
|
enable ECDHE ciphers
|
2014-09-01 22:29:44 +01:00 |
Mark Haines
|
6200630904
|
Add server TLS context factory
|
2014-09-01 17:55:35 +01:00 |
Mark Haines
|
d9ebe531ed
|
Add config tree to synapse. Add support for reading config from a file
|
2014-08-31 16:06:39 +01:00 |
Matthew Hodgson
|
f98e6380f1
|
add in whitespace after copyright statements to improve legibility
|
2014-08-13 03:14:34 +01:00 |
matrix.org
|
4f475c7697
|
Reference Matrix Home Server
|
2014-08-12 15:10:52 +01:00 |