850dcfd2d3
Fix well-known lookups with the federation certificate whitelist ( #5997 )
2019-09-14 04:58:38 +10:00
a9bcae9f50
Share SSL options for well-known requests
2019-07-31 10:39:24 +01:00
be3b901ccd
Update the TLS cipher string and provide configurability for TLS on outgoing federation ( #5550 )
2019-06-28 18:19:09 +10:00
81b8fdedf2
rename gutwrenched attr
2019-06-10 17:51:11 +01:00
efe7b3176e
Fix federation connections to literal IP addresses
...
turns out we need a shiny version of service_identity to enforce this
correctly.
2019-06-10 15:58:35 +01:00
d11c634ced
clean up impl, and import idna directly
2019-06-10 15:55:12 +01:00
c2b6e945e1
Share an SSL context object between SSL connections
...
This involves changing how the info callbacks work.
2019-06-09 14:01:32 +01:00
6824ddd93d
Config option for verifying federation certificates (MSC 1711) ( #4967 )
2019-04-25 14:22:49 +01:00
561eebe170
fix to use makeContext so that we don't need to rebuild the certificateoptions each time
2019-02-19 16:18:05 +11:00
9645728619
Don't create server contexts when TLS is disabled
...
we aren't going to use them anyway.
2019-02-11 21:32:01 +00:00
97fd29c019
Don't send IP addresses as SNI ( #4452 )
...
The problem here is that we have cut-and-pasted an impl from Twisted, and then
failed to maintain it. It was fixed in Twisted in
https://github.com/twisted/twisted/pull/1047/files ; let's do the same here.
2019-01-24 09:34:44 +00:00
23b0813599
Require ECDH key exchange & remove dh_params ( #4429 )
...
* remove dh_params and set better cipher string
2019-01-22 21:58:50 +11:00
8fd93b5eea
Port crypto/ to Python 3 ( #3822 )
2018-09-12 20:16:31 +10:00
2e9c73e8ca
more generic conversion of str/bytes to unicode
2018-08-09 21:31:26 +02:00
64899341dc
include private functions from twisted
2018-08-09 21:04:22 +02:00
d5c0ce4cad
updated docstring for ServerContextFactory
2018-08-08 19:25:01 +02:00
2903e65aff
fix isort
2018-07-29 19:47:08 +02:00
95341a8f6f
take idna implementation from twisted
2018-06-26 21:15:14 +02:00
b7f34ee348
allow self-signed certificates
2018-06-26 20:41:05 +02:00
07b4f88de9
formatting changes for pep8
2018-06-25 12:31:16 +02:00
3d605853c8
send SNI for federation requests
2018-06-24 22:38:43 +02:00
2ad3fc36e6
Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve ( #3157 )
...
fixes #3135
Signed-off-by: Will Hunt will@half-shot.uk
2018-04-30 16:21:11 +01:00
eaaabc6c4f
replace 'except:' with 'except Exception:'
...
what could possibly go wrong
2017-10-23 15:52:32 +01:00
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
fb8d2862c1
remove the tls_certificate_chain_path param and simply support tls_certificate_path pointing to a file containing a chain of certificates
2015-07-09 00:45:41 +01:00
f26a3df1bf
oops, context.tls_certificate_chain_file() expects a file, not a certificate.
2015-07-08 21:33:02 +01:00
19fa3731ae
typo
2015-07-08 18:53:41 +01:00
64afbe6ccd
add new optional config for tls_certificate_chain_path for folks with intermediary SSL certs
2015-07-08 18:20:02 +01:00
3ce8540484
Don't look for an TLS private key if we have set --no-tls
2015-03-06 11:34:06 +00:00
adb04b1e57
Update copyright notices
2015-01-06 13:21:39 +00:00
7d709542ca
Fix pep8 warnings
2014-10-30 11:10:17 +00:00
15be181642
Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 doesn't seem to have ECC
2014-10-24 19:27:12 +01:00
8a7c1d6a00
fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch.
2014-09-03 17:31:57 +01:00
c6eafdfbaf
Add copyright notices and fix pyflakes errors
2014-09-03 09:43:11 +01:00
79650f795f
enable ECDHE ciphers
2014-09-01 22:29:44 +01:00
6200630904
Add server TLS context factory
2014-09-01 17:55:35 +01:00
Amber Brown