From f26a3df1bf6cabee28f5f91778082c0f26b2378c Mon Sep 17 00:00:00 2001 From: Matthew Hodgson Date: Wed, 8 Jul 2015 21:33:02 +0100 Subject: [PATCH] oops, context.tls_certificate_chain_file() expects a file, not a certificate. --- synapse/config/tls.py | 5 +---- synapse/crypto/context_factory.py | 4 ++-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/synapse/config/tls.py b/synapse/config/tls.py index 945af38053..5fef63846d 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -32,10 +32,7 @@ class TlsConfig(Config): tls_certificate_chain_path = config.get("tls_certificate_chain_path") if tls_certificate_chain_path and os.path.exists(tls_certificate_chain_path): - self.tls_certificate_chain = self.read_tls_certificate( - config.get("tls_certificate_chain_path"), - "tls_certificate_chain" - ) + self.tls_certificate_chain_file = tls_certificate_chain_path else: self.tls_certificate_chain = None diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py index 324dc31fe4..d515007ca0 100644 --- a/synapse/crypto/context_factory.py +++ b/synapse/crypto/context_factory.py @@ -38,8 +38,8 @@ class ServerContextFactory(ssl.ContextFactory): logger.exception("Failed to enable elliptic curve for TLS") context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3) context.use_certificate(config.tls_certificate) - if config.tls_certificate_chain: - context.use_certificate_chain_file(config.tls_certificate_chain) + if config.tls_certificate_chain_file: + context.use_certificate_chain_file(config.tls_certificate_chain_file) if not config.no_tls: context.use_privatekey(config.tls_private_key)