95e47b2e78 
								
									
								
							
								 
							
						 
						
							
							
								
								[pyupgrade] `synapse/` ( #10348 )  
							
							... 
							
							
							
							This PR is tantamount to running 
```
pyupgrade --py36-plus --keep-percent-format `find synapse/ -type f -name "*.py"`
```
Part of #9744  
							
						 
						
							2021-07-19 15:28:05 +01:00  
				
					
						
							
							
								 
						
							
							
								bf72d10dbf 
								
									
								
							
								 
							
						 
						
							
							
								
								Use inline type hints in various other places (in `synapse/`) ( #10380 )  
							
							
							
						 
						
							2021-07-15 11:02:43 +01:00  
				
					
						
							
							
								 
						
							
							
								08c8469322 
								
									
								
							
								 
							
						 
						
							
							
								
								Remove support for ACME v1 ( #10194 )  
							
							... 
							
							
							
							Fixes  #9778 
ACME v1 has been fully decommissioned for existing installs on June 1st 2021(see https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27 ), so we can now safely remove it from Synapse. 
						
							2021-06-17 18:56:48 +01:00  
				
					
						
							
							
								 
						
							
							
								fe5dad46b0 
								
									
								
							
								 
							
						 
						
							
							
								
								Remove redundant code to reload tls cert ( #10054 )  
							
							... 
							
							
							
							we don't need to reload the tls cert if we don't have any tls listeners.
Follow-up to #9280 . 
							
						 
						
							2021-05-27 10:34:24 +01:00  
				
					
						
							
							
								 
						
							
							
								057ce7b754 
								
									
								
							
								 
							
						 
						
							
							
								
								Remove tls_fingerprints option ( #9280 )  
							
							... 
							
							
							
							Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com> 
							
						 
						
							2021-05-24 17:43:30 +01:00  
				
					
						
							
							
								 
						
							
							
								03318a766c 
								
									
								
							
								 
							
						 
						
							
							
								
								Merge pull request from GHSA-x345-32rc-8h85  
							
							... 
							
							
							
							* tests for push rule pattern matching
* tests for acl pattern matching
* factor out common `re.escape`
* Factor out common re.compile
* Factor out common anchoring code
* add word_boundary support to `glob_to_regex`
* Use `glob_to_regex` in push rule evaluator
NB that this drops support for character classes. I don't think anyone ever
used them.
* Improve efficiency of globs with multiple wildcards
The idea here is that we compress multiple `*` globs into a single `.*`. We
also need to consider `?`, since `*?*` is as hard to implement efficiently as
`**`.
* add assertion on regex pattern
* Fix mypy
* Simplify glob_to_regex
* Inline the glob_to_regex helper function
Signed-off-by: Dan Callahan <danc@element.io>
* Moar comments
Signed-off-by: Dan Callahan <danc@element.io>
Co-authored-by: Dan Callahan <danc@element.io> 
							
						 
						
							2021-05-11 11:47:23 +02:00  
				
					
						
							
							
								 
						
							
							
								4b965c862d 
								
									
								
							
								 
							
						 
						
							
							
								
								Remove redundant "coding: utf-8" lines ( #9786 )  
							
							... 
							
							
							
							Part of #9744 
Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now.
`Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>` 
							
						 
						
							2021-04-14 15:34:27 +01:00  
				
					
						
							
							
								 
						
							
							
								1d5f0e3529 
								
									
								
							
								 
							
						 
						
							
							
								
								Bump black configuration to target py36 ( #9781 )  
							
							... 
							
							
							
							Signed-off-by: Dan Callahan <danc@element.io> 
							
						 
						
							2021-04-13 10:41:34 +01:00  
				
					
						
							
							
								 
						
							
							
								4ff0201e62 
								
									
								
							
								 
							
						 
						
							
							
								
								Enable mypy checking for unreachable code and fix instances. ( #8432 )  
							
							
							
						 
						
							2020-10-01 08:09:18 -04:00  
				
					
						
							
							
								 
						
							
							
								c1ef579b63 
								
									
								
							
								 
							
						 
						
							
							
								
								Add prometheus metrics to track federation delays ( #8430 )  
							
							... 
							
							
							
							Add a pair of federation metrics to track the delays in sending PDUs to/from 
particular servers. 
							
						 
						
							2020-10-01 11:09:12 +01:00  
				
					
						
							
							
								 
						
							
							
								a3f11567d9 
								
									
								
							
								 
							
						 
						
							
							
								
								Replace all remaining six usage with native Python 3 equivalents ( #7704 )  
							
							
							
						 
						
							2020-06-16 08:51:47 -04:00  
				
					
						
							
							
								 
						
							
							
								509e381afa 
								
									
								
							
								 
							
						 
						
							
							
								
								Clarify list/set/dict/tuple comprehensions and enforce via flake8 ( #6957 )  
							
							... 
							
							
							
							Ensure good comprehension hygiene using flake8-comprehensions. 
							
						 
						
							2020-02-21 07:15:07 -05:00  
				
					
						
							
							
								 
						
							
							
								36af094017 
								
									
								
							
								 
							
						 
						
							
							
								
								Linters are hard but in they end they just want what's best for us  
							
							
							
						 
						
							2020-02-13 17:03:41 +00:00  
				
					
						
							
							
								 
						
							
							
								ef9c275d96 
								
									
								
							
								 
							
						 
						
							
							
								
								Add a separator for the config warning  
							
							
							
						 
						
							2020-02-13 15:44:14 +00:00  
				
					
						
							
							
								 
						
							
							
								5820ed905f 
								
									
								
							
								 
							
						 
						
							
							
								
								Add mention and warning about ACME v1 deprecation to the Synapse config  
							
							
							
						 
						
							2020-02-13 14:20:08 +00:00  
				
					
						
							
							
								 
						
							
							
								bce557175b 
								
									
								
							
								 
							
						 
						
							
							
								
								Allow empty federation_certificate_verification_whitelist ( #6849 )  
							
							
							
						 
						
							2020-02-06 14:45:01 +00:00  
				
					
						
							
							
								 
						
							
							
								409c62b27b 
								
									
								
							
								 
							
						 
						
							
							
								
								Add config linting script that checks for bool casing ( #6203 )  
							
							... 
							
							
							
							Add a linting script that enforces all boolean values in the default config be lowercase.
This has annoyed me for a while so I decided to fix it. 
							
						 
						
							2019-10-23 13:22:54 +01:00  
				
					
						
							
							
								 
						
							
							
								f743108a94 
								
									
								
							
								 
							
						 
						
							
							
								
								Refactor HomeserverConfig so it can be typechecked ( #6137 )  
							
							
							
						 
						
							2019-10-10 09:39:35 +01:00  
				
					
						
							
							
								 
						
							
							
								850dcfd2d3 
								
									
								
							
								 
							
						 
						
							
							
								
								Fix well-known lookups with the federation certificate whitelist ( #5997 )  
							
							
							
						 
						
							2019-09-14 04:58:38 +10:00  
				
					
						
							
							
								 
						
							
							
								6d97843793 
								
									
								
							
								 
							
						 
						
							
							
								
								Config templating ( #5900 )  
							
							... 
							
							
							
							Template config files
* Imagine a system composed entirely of x, y, z etc and the basic operations..
Wait George, why XOR? Why not just neq?
George: Eh, I didn't think of that..
Co-Authored-By: Erik Johnston <erik@matrix.org> 
							
						 
						
							2019-08-28 13:12:22 +01:00  
				
					
						
							
							
								 
						
							
							
								be3b901ccd 
								
									
								
							
								 
							
						 
						
							
							
								
								Update the TLS cipher string and provide configurability for TLS on outgoing federation ( #5550 )  
							
							
							
						 
						
							2019-06-28 18:19:09 +10:00  
				
					
						
							
							
								 
						
							
							
								16b52642e2 
								
							
								 
							
						 
						
							
							
								
								Don't load the generated config as the default.  
							
							... 
							
							
							
							It's too confusing. 
							
						 
						
							2019-06-24 14:14:52 +01:00  
				
					
						
							
							
								 
						
							
							
								edea4bb5be 
								
							
								 
							
						 
						
							
							
								
								Allow configuration of the path used for ACME account keys.  
							
							... 
							
							
							
							Because sticking it in the same place as the config isn't necessarily the right
thing to do. 
							
						 
						
							2019-06-24 13:51:22 +01:00  
				
					
						
							
							
								 
						
							
							
								c3c6b00d95 
								
									
								
							
								 
							
						 
						
							
							
								
								Pass config_dir_path and data_dir_path into Config.read_config. ( #5522 )  
							
							... 
							
							
							
							* Pull config_dir_path and data_dir_path calculation out of read_config_files
* Pass config_dir_path and data_dir_path into read_config 
							
						 
						
							2019-06-24 11:34:45 +01:00  
				
					
						
							
							
								 
						
							
							
								32e7c9e7f2 
								
									
								
							
								 
							
						 
						
							
							
								
								Run Black. ( #5482 )  
							
							
							
						 
						
							2019-06-20 19:32:02 +10:00  
				
					
						
							
							
								 
						
							
							
								7603a706eb 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verification  
							
							
							
						 
						
							2019-06-05 16:32:35 +01:00  
				
					
						
							
							
								 
						
							
							
								f8a45302c9 
								
							
								 
							
						 
						
							
							
								
								Fix `federation_custom_ca_list` configuration option.  
							
							... 
							
							
							
							Previously, setting this option would cause an exception at startup. 
							
						 
						
							2019-06-05 16:19:07 +01:00  
				
					
						
							
							
								 
						
							
							
								e2dfb922e1 
								
							
								 
							
						 
						
							
							
								
								Validate federation server TLS certificates by default.  
							
							
							
						 
						
							2019-06-05 14:17:50 +01:00  
				
					
						
							
							
								 
						
							
							
								6824ddd93d 
								
							
								 
							
						 
						
							
							
								
								Config option for verifying federation certificates (MSC 1711) ( #4967 )  
							
							
							
						 
						
							2019-04-25 14:22:49 +01:00  
				
					
						
							
							
								 
						
							
							
								7998ca3a66 
								
									
								
							
								 
							
						 
						
							
							
								
								Document using a certificate with a full chain ( #4849 )  
							
							
							
						 
						
							2019-03-13 15:26:29 +00:00  
				
					
						
							
							
								 
						
							
							
								641c409e4e 
								
							
								 
							
						 
						
							
							
								
								Fix ACME config for python 2. ( #4717 )  
							
							... 
							
							
							
							Fixes  #4675 . 
						
							2019-02-25 11:16:33 -08:00  
				
					
						
							
							
								 
						
							
							
								5f9bdf90fe 
								
							
								 
							
						 
						
							
							
								
								Attempt to make default config more consistent  
							
							... 
							
							
							
							The general idea here is that config examples should just have a hash and no
extraneous whitespace, both to make it easier for people who don't understand
yaml, and to make the examples stand out from the comments. 
							
						 
						
							2019-02-19 13:54:29 +00:00  
				
					
						
							
							
								 
						
							
							
								5a707a2f9a 
								
							
								 
							
						 
						
							
							
								
								Improve config documentation  
							
							
							
						 
						
							2019-02-19 10:59:26 +00:00  
				
					
						
							
							
								 
						
							
							
								45bb55c6de 
								
							
								 
							
						 
						
							
							
								
								Use a configuration parameter to give the domain to generate a certificate for  
							
							
							
						 
						
							2019-02-18 15:46:23 +00:00  
				
					
						
							
							
								 
						
							
							
								a4ce91396b 
								
									
								
							
								 
							
						 
						
							
							
								
								Disable TLS by default ( #4614 )  
							
							
							
						 
						
							2019-02-12 10:52:08 +00:00  
				
					
						
							
							
								 
						
							
							
								32b781bfe2 
								
									
								
							
								 
							
						 
						
							
							
								
								Fix error when loading cert if tls is disabled ( #4618 )  
							
							... 
							
							
							
							If TLS is disabled, it should not be an error if no cert is given.
Fixes  #4554 . 
							
						 
						
							2019-02-12 10:51:31 +00:00  
				
					
						
							
							
								 
						
							
							
								0ca2908653 
								
							
								 
							
						 
						
							
							
								
								fix tests  
							
							
							
						 
						
							2019-02-11 22:01:27 +00:00  
				
					
						
							
							
								 
						
							
							
								4fddf8fc77 
								
							
								 
							
						 
						
							
							
								
								Infer no_tls from presence of TLS listeners  
							
							... 
							
							
							
							Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners. 
							
						 
						
							2019-02-11 21:39:14 +00:00  
				
					
						
							
							
								 
						
							
							
								086f6f27d4 
								
							
								 
							
						 
						
							
							
								
								Logging improvements around TLS certs  
							
							... 
							
							
							
							Log which file we're reading keys and certs from, and refactor the code a bit
in preparation for other work 
							
						 
						
							2019-02-11 21:02:06 +00:00  
				
					
						
							
							
								 
						
							
							
								6e2a5aa050 
								
							
								 
							
						 
						
							
							
								
								ACME Reprovisioning ( #4522 )  
							
							
							
						 
						
							2019-02-11 10:36:26 +00:00  
				
					
						
							
							
								 
						
							
							
								4ffd10f46d 
								
							
								 
							
						 
						
							
							
								
								Be tolerant of blank TLS fingerprints config ( #4589 )  
							
							
							
						 
						
							2019-02-11 10:04:27 +00:00  
				
					
						
							
							
								 
						
							
							
								bf1e4d96ad 
								
									
								
							
								 
							
						 
						
							
							
								
								Fix default ACME config for py2 ( #4564 )  
							
							... 
							
							
							
							Fixes  #4559  
						
							2019-02-05 11:37:33 +00:00  
				
					
						
							
							
								 
						
							
							
								d7e27a1f08 
								
									
								
							
								 
							
						 
						
							
							
								
								fix typo in config comments ( #4557 )  
							
							
							
						 
						
							2019-02-05 11:32:45 +00:00  
				
					
						
							
							
								 
						
							
							
								7615a8ced1 
								
							
								 
							
						 
						
							
							
								
								ACME config cleanups ( #4525 )  
							
							... 
							
							
							
							* Handle listening for ACME requests on IPv6 addresses
the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses
without extra quoting. Building a string which you are about to parse again
seems like a weird choice. Let's just use listenTCP, which is consistent with
what we do elsewhere.
* Clean up the default ACME config
make it look a bit more consistent with everything else, and tweak the defaults
to listen on port 80.
* newsfile 
							
						 
						
							2019-01-30 14:17:55 +00:00  
				
					
						
							
							
								 
						
							
							
								6bd4374636 
								
									
								
							
								 
							
						 
						
							
							
								
								Do not generate self-signed TLS certificates by default. ( #4509 )  
							
							
							
						 
						
							2019-01-29 14:09:10 +00:00  
				
					
						
							
							
								 
						
							
							
								6129e52f43 
								
									
								
							
								 
							
						 
						
							
							
								
								Support ACME for certificate provisioning ( #4384 )  
							
							
							
						 
						
							2019-01-23 19:39:06 +11:00  
				
					
						
							
							
								 
						
							
							
								23b0813599 
								
									
								
							
								 
							
						 
						
							
							
								
								Require ECDH key exchange & remove dh_params ( #4429 )  
							
							... 
							
							
							
							* remove dh_params and set better cipher string 
							
						 
						
							2019-01-22 21:58:50 +11:00  
				
					
						
							
							
								 
						
							
							
								49af402019 
								
							
								 
							
						 
						
							
							
								
								run isort  
							
							
							
						 
						
							2018-07-09 16:09:20 +10:00  
				
					
						
							
							
								 
						
							
							
								a3f9ddbede 
								
							
								 
							
						 
						
							
							
								
								Open certificate files as bytes  
							
							... 
							
							
							
							That's what pyOpenSSL expects on python3
Signed-off-by: Adrian Tschira <nota@notafile.com> 
							
						 
						
							2018-04-10 17:36:29 +02:00  
				
					
						
							
							
								 
						
							
							
								5e97ca7ee6 
								
							
								 
							
						 
						
							
							
								
								fix typo  
							
							
							
						 
						
							2018-01-16 16:52:35 +00:00