Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Remove redundant code to reload tls cert #10054

Merged
merged 3 commits into from
May 27, 2021
Merged

Remove redundant code to reload tls cert #10054

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c173e2b
Remove redundant code to reload tls cert
richvdh May 24, 2021
92b6df9
fix test
richvdh May 25, 2021
d1044e1
update changelog
richvdh May 25, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/10054.misc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Remove some dead code regarding TLS certificate handling.
5 changes: 1 addition & 4 deletions synapse/app/_base.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -261,13 +261,10 @@ def refresh_certificate(hs):
Refresh the TLS certificates that Synapse is using by re-reading them from
disk and updating the TLS context factories to use them.
"""

if not hs.config.has_tls_listener():
# attempt to reload the certs for the good of the tls_fingerprints
hs.config.read_certificate_from_disk(require_cert_and_key=False)
return

hs.config.read_certificate_from_disk(require_cert_and_key=True)
hs.config.read_certificate_from_disk()
hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)

if hs._listening_services:
Expand Down
22 changes: 3 additions & 19 deletions synapse/config/tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,28 +215,12 @@ def is_disk_cert_valid(self, allow_self_signed=True):
days_remaining = (expires_on - now).days
return days_remaining

def read_certificate_from_disk(self, require_cert_and_key: bool):
def read_certificate_from_disk(self):
"""
Read the certificates and private key from disk.

Args:
require_cert_and_key: set to True to throw an error if the certificate
and key file are not given
"""
if require_cert_and_key:
self.tls_private_key = self.read_tls_private_key()
self.tls_certificate = self.read_tls_certificate()
elif self.tls_certificate_file:
# we only need the certificate for the tls_fingerprints. Reload it if we
# can, but it's not a fatal error if we can't.
try:
self.tls_certificate = self.read_tls_certificate()
except Exception as e:
logger.info(
"Unable to read TLS certificate (%s). Ignoring as no "
"tls listeners enabled.",
e,
)
self.tls_private_key = self.read_tls_private_key()
self.tls_certificate = self.read_tls_certificate()

def generate_config_section(
self,
Expand Down
3 changes: 1 addition & 2 deletions tests/config/test_tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,12 +74,11 @@ def test_warn_self_signed(self):

config = {
"tls_certificate_path": os.path.join(config_dir, "cert.pem"),
"tls_fingerprints": [],
}

t = TestConfig()
t.read_config(config, config_dir_path="", data_dir_path="")
t.read_certificate_from_disk(require_cert_and_key=False)
t.read_tls_certificate()

warnings = self.flushWarnings()
self.assertEqual(len(warnings), 1)
Expand Down