2a4b9ea233
Consistency for how verify_request.deferred is called
...
Define that it is run with no log context, and make sure that happens.
If we aren't careful to reset the logcontext, we can't bung the deferreds into
defer.gatherResults etc. We don't actually do that directly, but we *do*
resolve other deferreds from affected callbacks (notably the server_to_deferred
map in _start_key_lookups), and those *do* get passed into
defer.gatherResults. It turns out that this way ends up being least confusing.
2017-09-20 01:32:42 +01:00
3b98439eca
Factor out _start_key_lookups
...
... to make it easier to see what's going on.
2017-09-20 01:32:42 +01:00
fde63b880d
Replace `server_and_json` with `verify_requests`
...
This is a precursor to factoring some of this code out.
2017-09-20 01:32:42 +01:00
2d511defd9
pull out handle_key_deferred to top level
...
There's no need for this to be a nested definition; pulling it out not only
makes it more efficient, but makes it easier to check that it's not accessing
any local variables it shouldn't be.
2017-09-20 01:32:42 +01:00
dd1ea9763a
Fix incorrect key_ids in error message
2017-09-20 01:32:42 +01:00
9864efa532
Fix concurrent server_key requests ( #2458 )
...
Fix a bug where we could end up firing off multiple requests for server_keys
for the same server at the same time.
2017-09-19 23:25:44 +01:00
290777b3d9
Clean up and document handling of logcontexts in Keyring ( #2452 )
...
I'm still unclear on what the intended behaviour for
`verify_json_objects_for_server` is, but at least I now understand the
behaviour of most of the things it calls...
2017-09-18 18:31:01 +01:00
f18373dc5d
Fix iteration of requests_missing_keys; list doesn't have .values()
...
Signed-off-by: Kenny Keslar <r3dey3@r3dey3.com>
2017-07-26 22:44:19 -05:00
9397edb28b
Merge pull request #2050 from matrix-org/rav/federation_backoff
...
push federation retry limiter down to matrixfederationclient
2017-03-23 22:27:01 +00:00
4bd597d9fc
push federation retry limiter down to matrixfederationclient
...
rather than having to instrument everywhere we make a federation call,
make the MatrixFederationHttpClient manage the retry limiter.
2017-03-23 09:28:46 +00:00
64778693be
fix up some key verif docstrings
2017-03-21 13:27:50 +00:00
c36d15d2de
Add some debug to help diagnose weird federation issue
2017-03-20 15:36:14 +00:00
9219139351
Preserve some logcontexts
2016-08-24 11:58:40 +01:00
04fc8bbcb0
Update keyring Measure
2016-08-19 18:23:44 +01:00
2426c2f21a
Measure keyrings
2016-08-19 18:23:44 +01:00
fa1ce4d8ad
Don't print stack traces when failing to get remote keys
2016-08-10 10:44:37 +01:00
a285194021
Merge branch 'erikj/key_client_fix' of github.com:matrix-org/synapse into release-v0.17.0
2016-07-28 10:47:06 +01:00
29b25d59c6
Merge branch 'develop' into markjh/verify
...
Conflicts:
synapse/crypto/keyring.py
2016-07-27 15:11:02 +01:00
884b800899
Merge pull request #955 from matrix-org/markjh/only_from2
...
Add a couple more checks to the keyring
2016-07-27 15:08:22 +01:00
fe1b369946
Clean up verify_json_objects_for_server
2016-07-27 14:10:43 +01:00
a4b06b619c
Add a couple more checks to the keyring
2016-07-26 19:50:11 +01:00
87ffd21b29
Fix a couple of bugs in the transaction and keyring code
2016-07-26 19:19:08 +01:00
d26b660aa6
Cache getPeer
2016-07-21 17:38:51 +01:00
cf94a78872
Set host not path
2016-07-21 11:45:53 +01:00
081e5d55e6
Send the correct host header when fetching keys
2016-07-21 11:14:54 +01:00
f28643cea9
Uncommit accidentally commited edit to cipher list
2016-05-10 18:44:32 +02:00
d46b18a00f
Pass through _get_event_txn
2016-05-10 18:27:06 +02:00
2e2be463f8
Make key client send a Host header
2016-03-11 10:29:05 +00:00
2c1fbea531
Fix up logcontexts
2016-02-08 14:26:45 +00:00
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
a6ba41e078
Actually look up required remote server key IDs
...
set.union() is a side-effect-free function that returns the union of two
sets. This clearly wanted .update(), which is the side-effecting mutator
version.
2015-12-18 21:36:42 +00:00
0eabfa55f6
Fix typo
2015-11-20 17:17:58 +00:00
6408541075
Don't limit connections to perspective servers
2015-11-20 17:15:44 +00:00
ffe8cf7e59
Fix bug where we sometimes didn't fetch all the keys requested for a
...
server.
2015-09-17 10:21:32 +01:00
2c8f16257a
Merge pull request #272 from matrix-org/daniel/insecureclient
...
Allow configuration to ignore invalid SSL certs
2015-09-15 16:52:38 +01:00
dd0867f5ba
Various bug fixes to crypto.keyring
2015-09-09 17:02:39 +01:00
81a93ddcc8
Allow configuration to ignore invalid SSL certs
...
This will be useful for sytest, and sytest only, hence the aggressive
config key name.
2015-09-09 12:02:07 +01:00
78323ccdb3
Remove syutil dependency in favour of smaller single-purpose libraries
2015-08-24 16:17:38 +01:00
0b3389bcd2
Merge pull request #194 from matrix-org/erikj/bulk_verify_sigs
...
Implement bulk verify_signed_json API
2015-07-10 13:46:53 +01:00
fb8d2862c1
remove the tls_certificate_chain_path param and simply support tls_certificate_path pointing to a file containing a chain of certificates
2015-07-09 00:45:41 +01:00
f26a3df1bf
oops, context.tls_certificate_chain_file() expects a file, not a certificate.
2015-07-08 21:33:02 +01:00
19fa3731ae
typo
2015-07-08 18:53:41 +01:00
64afbe6ccd
add new optional config for tls_certificate_chain_path for folks with intermediary SSL certs
2015-07-08 18:20:02 +01:00
f0dd568e16
Wait for previous attempts at fetching keys for a given server before trying to fetch more
2015-06-26 11:25:00 +01:00
b5f55a1d85
Implement bulk verify_signed_json API
2015-06-26 10:39:34 +01:00
291cba284b
Handle the case when things return empty but non none things
2015-05-19 14:42:46 +01:00
253f76a0a5
Don't always hit get_server_verify_key_v1_direct
2015-05-19 14:42:38 +01:00
d3e09f12d0
SYN-383: Actually, we expect this value to be a dict
2015-05-19 13:12:41 +01:00
2b7120e233
SYN-383: Handle the fact the server might not have signed things
2015-05-19 12:49:38 +01:00
8b256a7296
Don't reuse var names
2015-05-19 11:58:22 +01:00
2aeee2a905
SYN-383: Fix parsing of verify_keys and catching of _DefGen_Return
2015-05-19 11:56:18 +01:00
c6a03c46e6
SYN-383: Extract the response list from 'server_keys' in the response JSON as it might work better than iterating over the top level dict
2015-05-19 10:23:02 +01:00
ec07dba29e
Merge pull request #143 from matrix-org/erikj/SYN-375
...
SYN-375 - Lots of unhandled deferred exceptions.
2015-05-12 15:25:54 +01:00
476899295f
Change the way we do logging contexts so that they survive divergences
2015-05-08 16:32:18 +01:00
fca28d243e
Change the way we create observers to deferreds so that we don't get spammed by 'unhandled errors'
2015-05-08 16:28:08 +01:00
1319905d7a
Use a defer.gatherResults to collect results from the perspective servers
2015-04-29 13:31:14 +01:00
74874ffda7
Update the query format used by keyring to match current key v2 spec
2015-04-29 12:14:08 +01:00
46d200a3a1
Implement minimum_valid_until_ts in the remote key resource
2015-04-29 11:57:26 +01:00
f8b865264a
Merge branch 'develop' into key_distribution
...
Conflicts:
synapse/crypto/keyring.py
2015-04-27 18:29:32 +01:00
2c70849dc3
Fix newlines
2015-04-27 14:38:29 +01:00
0a016b0525
Pull inner function out.
2015-04-27 14:37:24 +01:00
e701aec2d1
Implement locks using create_observer for fetching media and server keys
2015-04-27 14:20:26 +01:00
288702170d
Add config for setting the perspective servers
2015-04-24 17:01:34 +01:00
4bbf7156ef
Update to match the specification for key/v2
2015-04-23 16:39:13 +01:00
f30d47c876
Implement remote key lookup api
2015-04-22 14:21:08 +01:00
2f9157b427
Implement v2 key lookup
2015-04-20 16:23:47 +01:00
8d761134c2
Fail quicker for 4xx responses in the key client, optional hit a different API path
2015-04-15 16:57:58 +01:00
3ce8540484
Don't look for an TLS private key if we have set --no-tls
2015-03-06 11:34:06 +00:00
5b5c7a28d6
Log error message when we fail to fetch remote server keys
2015-03-05 17:09:13 +00:00
9371019133
Try to only back off if we think we failed to connect to the remote
2015-02-17 18:13:34 +00:00
2b8f1a956c
Add per server retry limiting.
...
Factor out the pre destination retry logic from TransactionQueue so it
can be reused in both get_pdu and crypto.keyring
2015-02-17 17:20:56 +00:00
5025305fb2
Rate limit retries when fetching server keys.
2015-02-17 15:57:42 +00:00
4ebbaf0d43
Blunty replace json with simplejson
2015-02-11 14:23:10 +00:00
84a769cdb7
Fix code-style
2015-02-10 17:58:36 +00:00
823999716e
Fix bug in timeout handling in keyclient
2015-01-30 11:08:01 +00:00
adb04b1e57
Update copyright notices
2015-01-06 13:21:39 +00:00
95aa903ffa
Try and figure out how and why signatures are being changed.
2014-12-10 11:37:47 +00:00
609c31e8df
More bug fixes
2014-12-08 17:50:56 +00:00
c31dba86ec
Convert rest and handlers to use new event structure
2014-12-04 15:50:01 +00:00
75b4329aaa
WIP for new way of managing events.
2014-12-03 16:07:21 +00:00
f1c7f8e813
Merge branch 'develop' into http_client_refactor
2014-11-20 17:49:48 +00:00
e377d33652
Separate out the matrix http client completely because just about all of its code it now separate from the simple case we need for standard HTTP(S)
2014-11-20 17:41:56 +00:00
dfdda2c871
Use module loggers rather than the root logger. Exceptions caused by bad clients shouldn't cause ERROR level logging. Fix sql logging to use 'repr' rather than 'str'
2014-11-20 17:10:37 +00:00
32090aee16
Add a few missing yields, Move deferred lists inside PreserveLoggingContext because they don't interact well with the logging contexts
2014-11-20 16:24:00 +00:00
cb4b6c844a
Merge PDUs and Events into one object
2014-11-14 21:25:02 +00:00
8c2b5ea7c4
Fix PDU and event signatures
2014-11-14 19:11:04 +00:00
de1ec90133
Validate signatures on incoming events
2014-11-14 19:11:04 +00:00
e903c941cb
Merge branch 'develop' into request_logging
...
Conflicts:
setup.py
synapse/storage/_base.py
synapse/util/async.py
2014-11-14 11:16:50 +00:00
6cb6cb9e69
Tidy up some of the unused sql tables
2014-11-10 10:31:00 +00:00
1c06806f90
Finish redaction algorithm.
2014-11-10 10:21:32 +00:00
97a096b507
Add hash of current state to events
2014-11-07 11:37:06 +00:00
68698e0ac8
Fix bugs in generating event signatures and hashing
2014-11-03 17:51:42 +00:00
82a6b83524
Don't assume event has hashes key already
2014-11-03 11:32:12 +00:00
ecabff7eb4
Sign evnets
2014-10-31 17:08:52 +00:00
d30d79b5be
Make prev_event signing work again.
2014-10-31 15:35:39 +00:00
ef9c4476a0
Merge branch 'develop' of github.com:matrix-org/synapse into federation_authorization
2014-10-30 11:18:28 +00:00
7c06399512
Merge branch 'develop' into request_logging
...
Conflicts:
synapse/config/logger.py
2014-10-30 11:13:58 +00:00
7d709542ca
Fix pep8 warnings
2014-10-30 11:10:17 +00:00
b29517bd01
Add a request-id to each log line
2014-10-30 01:21:33 +00:00
5e2236f9ff
fix pyflakes warnings
2014-10-27 11:19:15 +00:00
acb2d171e8
Merge branch 'develop' into event_signing
2014-10-27 11:14:11 +00:00
d56e389a95
Fix pyflakes warnings
2014-10-27 10:33:17 +00:00
15be181642
Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 doesn't seem to have ECC
2014-10-24 19:27:12 +01:00
3187b5ba2d
add log line for checking verifying signatures
2014-10-17 20:56:21 +01:00
8afbece683
Remove signatures from pdu when computing hashes to use for prev pdus, make sure is_state is a boolean.
2014-10-17 19:41:32 +01:00
c5cec1cc77
Rename 'meta' to 'unsigned'
2014-10-17 16:50:04 +01:00
c8f996e29f
Hash the same content covered by the signature when referencing previous PDUs rather than reusing the PDU content hashes
2014-10-17 11:40:35 +01:00
66104da10c
Sign outgoing PDUs.
2014-10-16 00:09:48 +01:00
1c445f88f6
persist hashes and origin signatures for PDUs
2014-10-15 17:09:04 +01:00
34034af1c9
Better response message when signature is missing or unsupported
2014-10-13 16:47:23 +01:00
07639c79d9
Respond with more helpful error messages for unsigned requests
2014-10-13 16:39:15 +01:00
b95a178584
SYN-75 Verify signatures on server to server transactions
2014-09-30 15:15:10 +01:00
e3117a2a23
Add a _matrix/key/v1 resource with the verification keys of the local server
2014-09-23 18:43:34 +01:00
8a7c1d6a00
fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch.
2014-09-03 17:31:57 +01:00
c6eafdfbaf
Add copyright notices and fix pyflakes errors
2014-09-03 09:43:11 +01:00
79650f795f
enable ECDHE ciphers
2014-09-01 22:29:44 +01:00
6200630904
Add server TLS context factory
2014-09-01 17:55:35 +01:00
d9ebe531ed
Add config tree to synapse. Add support for reading config from a file
2014-08-31 16:06:39 +01:00
f98e6380f1
add in whitespace after copyright statements to improve legibility
2014-08-13 03:14:34 +01:00
4f475c7697
Reference Matrix Home Server
2014-08-12 15:10:52 +01:00
Richard van der Hoff