Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Set SNI to the server_name, not whatever was in the SRV record #3907

Merged
merged 2 commits into from
Sep 19, 2018
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/3907.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fix incorrect server-name indication for outgoing federation requests
13 changes: 10 additions & 3 deletions synapse/http/endpoint.py
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ def matrix_federation_endpoint(reactor, destination, tls_client_options_factory=

Args:
reactor: Twisted reactor.
destination (bytes): The name of the server to connect to.
destination (unicode): The name of the server to connect to.
tls_client_options_factory
(synapse.crypto.context_factory.ClientTLSOptionsFactory):
Factory which generates TLS options for client connections.
Expand All @@ -126,10 +126,17 @@ def matrix_federation_endpoint(reactor, destination, tls_client_options_factory=
transport_endpoint = HostnameEndpoint
default_port = 8008
else:
# the SNI string should be the same as the Host header, minus the port.
# as per https://github.com/matrix-org/synapse/issues/2525#issuecomment-336896777,
# the Host header and SNI should therefore be the server_name of the remote
# server.
tls_options = tls_client_options_factory.get_options(domain)

def transport_endpoint(reactor, host, port, timeout):
return wrapClientTLS(
tls_client_options_factory.get_options(host),
HostnameEndpoint(reactor, host, port, timeout=timeout))
tls_options,
HostnameEndpoint(reactor, host, port, timeout=timeout),
)
default_port = 8448

if port is None:
Expand Down