Remove redundant code to reload tls cert (#10054)
We don't need to reload the TLS cert if we don't have any TLS listeners.

Follow-up to #9280.
richvdh authored May 27, 2021
1 parent 224f2f9 commit fe5dad4
Showing 4 changed files with 6 additions and 25 deletions.
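--- a/changelog.d/10054.misc
+++ b/changelog.d/10054.misc
@@ -0,0 +1 @@
+Remove some dead code regarding TLS certificate handling.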
5 changes: 1 addition & 4 deletions synapse/app/_base.py
Expand Up @@ -261,13 +261,10 @@ def refresh_certificate(hs):
Refresh the TLS certificates that Synapse is using by re-reading them from
disk and updating the TLS context factories to use them.
"""

if not hs.config.has_tls_listener():
# attempt to reload the certs for the good of the tls_fingerprints
hs.config.read_certificate_from_disk(require_cert_and_key=False)
return

hs.config.read_certificate_from_disk(require_cert_and_key=True)
hs.config.read_certificate_from_disk()
hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)

if hs._listening_services:
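Review bot: The docstring at the top of the hunk still describes an unconditional refresh, but after this change the only reload path is `hs.config.read_certificate_from_disk()`, which per the synapse/config/tls.py hunk now reads the private key as well as the certificate and no longer tolerates a missing one. If the `has_tls_listener()` early return survives (the rendering does not make its side explicit), I would state both facts in the docstring, e.g. appending `No-op when no TLS listener is configured; otherwise both the certificate and private key must be readable, and a read failure propagates to the caller.` Letting the failure propagate rather than logging and continuing is the safer outcome here, since a reload that silently kept the old certificate would give the operator no signal that the new one was never picked up. The body of refresh_certificate continues past the end of the hunk.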
22 changes: 3 additions & 19 deletions synapse/config/tls.py
Expand Up @@ -215,28 +215,12 @@ def is_disk_cert_valid(self, allow_self_signed=True):
days_remaining = (expires_on - now).days
return days_remaining

def read_certificate_from_disk(self, require_cert_and_key: bool):
def read_certificate_from_disk(self):
"""
Read the certificates and private key from disk.
Args:
require_cert_and_key: set to True to throw an error if the certificate
and key file are not given
"""
if require_cert_and_key:
self.tls_private_key = self.read_tls_private_key()
self.tls_certificate = self.read_tls_certificate()
elif self.tls_certificate_file:
# we only need the certificate for the tls_fingerprints. Reload it if we
# can, but it's not a fatal error if we can't.
try:
self.tls_certificate = self.read_tls_certificate()
except Exception as e:
logger.info(
"Unable to read TLS certificate (%s). Ignoring as no "
"tls listeners enabled.",
e,
)
self.tls_private_key = self.read_tls_private_key()
self.tls_certificate = self.read_tls_certificate()

def generate_config_section(
self,
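Review bot: The trimmed docstring on `def read_certificate_from_disk(self):` no longer says what happens when either file is unset, even though the method now unconditionally calls `self.read_tls_private_key()` and `self.read_tls_certificate()` and lets their errors propagate where the removed branch used to log and continue. I would spell that contract out, e.g. `Both the certificate and the private key must be configured and readable; whatever read_tls_private_key()/read_tls_certificate() raise propagates to the caller.` Note also that `self.tls_private_key` is assigned before `self.tls_certificate` is read, so a failing certificate read leaves the instance with a new key and the old certificate; if any caller reads the pair without going through the context-factory rebuild that presumably follows, reading both into locals before assigning either would keep the update atomic. The enclosing class starts and ends outside the hunk.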
3 changes: 1 addition & 2 deletions tests/config/test_tls.py
Expand Up @@ -74,12 +74,11 @@ def test_warn_self_signed(self):

config = {
"tls_certificate_path": os.path.join(config_dir, "cert.pem"),
"tls_fingerprints": [],
}

t = TestConfig()
t.read_config(config, config_dir_path="", data_dir_path="")
t.read_certificate_from_disk(require_cert_and_key=False)
t.read_tls_certificate()

warnings = self.flushWarnings()
self.assertEqual(len(warnings), 1)
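Review bot: With `t.read_certificate_from_disk(require_cert_and_key=False)` replaced by `t.read_tls_certificate()`, this test no longer goes through `read_certificate_from_disk()` at all, and as far as this page shows nothing exercises its new fail-fast behaviour when only `tls_certificate_path` is configured. If no other test covers it, I would add a sibling case on this same cert-only config asserting that `read_certificate_from_disk()` raises rather than returning with the key unset, so a future change cannot quietly reintroduce the lenient path. test_warn_self_signed starts before the hunk.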
