Stop hardcoding trust of old matrix.org key (#5374)
There are a few changes going on here:

* We make checking the signature on a key server response optional: if no verify_keys are specified, we trust to TLS to validate the connection.
* We change the default config so that it does not require responses to be signed by the old key.
* We replace the old 'perspectives' config with 'trusted_key_servers', which is also formatted slightly differently.
* We emit a warning to the logs every time we trust a key server response signed by the old key.
Showing
- changelog.d/5374.feature (1 addition, 0 deletions)
- docs/sample_config.yaml (37 additions, 6 deletions)
- synapse/config/key.py (189 additions, 39 deletions)
- synapse/crypto/keyring.py (37 additions, 35 deletions)
- tests/crypto/test_keyring.py (28 additions, 15 deletions)
- tests/http/federation/test_matrix_federation_agent.py (1 addition, 0 deletions)