From fe5dad46b0da00e9757ed54eb23304ed3c6ceadf Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Thu, 27 May 2021 10:34:24 +0100
Subject: [PATCH] Remove redundant code to reload tls cert (#10054)

We don't need to reload the TLS cert if we don't have any TLS listeners.

Follow-up to #9280.
---
 changelog.d/10054.misc   |  1 +
 synapse/app/_base.py     |  5 +----
 synapse/config/tls.py    | 22 +++-------------------
 tests/config/test_tls.py |  3 +--
 4 files changed, 6 insertions(+), 25 deletions(-)
 create mode 100644 changelog.d/10054.misc

diff --git a/changelog.d/10054.misc b/changelog.d/10054.misc
new file mode 100644
index 0000000000..cebe39ce54
--- /dev/null
+++ b/changelog.d/10054.misc
@@ -0,0 +1 @@
+Remove some dead code regarding TLS certificate handling.
diff --git a/synapse/app/_base.py b/synapse/app/_base.py
index 59918d789e..1329af2e2b 100644
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@@ -261,13 +261,10 @@ def refresh_certificate(hs):
     Refresh the TLS certificates that Synapse is using by re-reading them from
     disk and updating the TLS context factories to use them.
     """
-
     if not hs.config.has_tls_listener():
-        # attempt to reload the certs for the good of the tls_fingerprints
-        hs.config.read_certificate_from_disk(require_cert_and_key=False)
         return
 
-    hs.config.read_certificate_from_disk(require_cert_and_key=True)
+    hs.config.read_certificate_from_disk()
     hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)
 
     if hs._listening_services:
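Review bot: The docstring just above the hunk still describes the function as re-reading the certificates and updating the context factories, but after this change the early `return` under `if not hs.config.has_tls_listener():` makes it a no-op when no TLS listener is configured, and an error from `hs.config.read_certificate_from_disk()` now propagates to the caller before `hs.tls_server_context_factory` is reassigned (the removed tolerant branch shows the certificate read can raise). I'd extend the docstring with `Does nothing when no TLS listener is configured. Raises if the certificate or key cannot be read; in that case the existing context factory is left in place.` refresh_certificate's signature and docstring begin before the hunk and its body continues after it.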
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 26f1150ca5..0e9bba53c9 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -215,28 +215,12 @@ class TlsConfig(Config):
         days_remaining = (expires_on - now).days
         return days_remaining
 
-    def read_certificate_from_disk(self, require_cert_and_key: bool):
+    def read_certificate_from_disk(self):
         """
         Read the certificates and private key from disk.
-
-        Args:
-            require_cert_and_key: set to True to throw an error if the certificate
-                and key file are not given
         """
-        if require_cert_and_key:
-            self.tls_private_key = self.read_tls_private_key()
-            self.tls_certificate = self.read_tls_certificate()
-        elif self.tls_certificate_file:
-            # we only need the certificate for the tls_fingerprints. Reload it if we
-            # can, but it's not a fatal error if we can't.
-            try:
-                self.tls_certificate = self.read_tls_certificate()
-            except Exception as e:
-                logger.info(
-                    "Unable to read TLS certificate (%s). Ignoring as no "
-                    "tls listeners enabled.",
-                    e,
-                )
+        self.tls_private_key = self.read_tls_private_key()
+        self.tls_certificate = self.read_tls_certificate()
 
     def generate_config_section(
         self,
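Review bot: With the new lines `self.tls_private_key = self.read_tls_private_key()` and `self.tls_certificate = self.read_tls_certificate()`, a failure in the second call leaves `tls_private_key` already replaced while `tls_certificate` keeps its previous value, so a reload that fails half-way (the removed `except Exception` shows `read_tls_certificate` can raise) leaves the config holding a key/certificate pair that presumably no longer match. Reading both into locals before assigning keeps the pair consistent: `key = self.read_tls_private_key()`, `cert = self.read_tls_certificate()`, `self.tls_private_key, self.tls_certificate = key, cert`. Since the optional path was removed, the docstring should also state that both files are required and that the method raises when either cannot be read, e.g. `Both the certificate and the private key must be configured and readable; raises otherwise.` The enclosing TlsConfig class starts before the hunk and continues after it.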
diff --git a/tests/config/test_tls.py b/tests/config/test_tls.py
index 183034f7d4..dcf336416c 100644
--- a/tests/config/test_tls.py
+++ b/tests/config/test_tls.py
@@ -74,12 +74,11 @@ s4niecZKPBizL6aucT59CsunNmmb5Glq8rlAcU+1ZTZZzGYqVYhF6axB9Qg=
 
         config = {
             "tls_certificate_path": os.path.join(config_dir, "cert.pem"),
-            "tls_fingerprints": [],
         }
 
         t = TestConfig()
         t.read_config(config, config_dir_path="", data_dir_path="")
-        t.read_certificate_from_disk(require_cert_and_key=False)
+        t.read_tls_certificate()
 
         warnings = self.flushWarnings()
         self.assertEqual(len(warnings), 1)
-- 
GitLab