56 lines
1.5 KiB
Plaintext
56 lines
1.5 KiB
Plaintext
---
|
|
summary: Check the TLS certificate matches the fingerprint in the key response when connecting to a server over federation
|
|
---
|
|
created: 2015-08-28 14:29:59.0
|
|
creator: markjh
|
|
description: ''
|
|
id: '11827'
|
|
key: SYN-457
|
|
number: '457'
|
|
priority: '1'
|
|
project: '10000'
|
|
reporter: markjh
|
|
status: '1'
|
|
type: '2'
|
|
updated: 2016-11-07 18:28:18.0
|
|
votes: '1'
|
|
watches: '2'
|
|
workflowId: '11930'
|
|
---
|
|
actions:
|
|
- author: richvdh
|
|
body: |-
|
|
why is this an important thing to do?
|
|
|
|
People are setting up their synapses with federation behind reverse-proxies and not telling synapse about the cert. If we ever fix it, we're going to break them. In the meantime, confusion reigns.
|
|
created: 2016-10-07 13:00:14.0
|
|
id: '13176'
|
|
issue: '11827'
|
|
type: comment
|
|
updateauthor: richvdh
|
|
updated: 2016-10-07 13:00:14.0
|
|
- author: richvdh
|
|
body: (how do we cope with replacing certs on the reverse-proxy?)
|
|
created: 2016-10-07 13:03:20.0
|
|
id: '13177'
|
|
issue: '11827'
|
|
type: comment
|
|
updateauthor: richvdh
|
|
updated: 2016-10-07 13:03:20.0
|
|
- author: richvdh
|
|
body: apparently we check the tls cert on first connection but not thereafter
|
|
created: 2016-10-07 13:18:12.0
|
|
id: '13180'
|
|
issue: '11827'
|
|
type: comment
|
|
updateauthor: richvdh
|
|
updated: 2016-10-07 13:18:12.0
|
|
- author: richvdh
|
|
body: 'Migrated to github: https://github.com/matrix-org/synapse/issues/1362'
|
|
created: 2016-11-07 18:28:18.0
|
|
id: '13684'
|
|
issue: '11827'
|
|
type: comment
|
|
updateauthor: richvdh
|
|
updated: 2016-11-07 18:28:18.0
|