diff options
| author | Neil Alexander <neilalexander@users.noreply.github.com> | 2021-03-05 10:40:27 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-05 10:40:27 +0000 |
| commit | 1ad96e2e2df9dc1f5fa7d31522babd6a64ca517f (patch) | |
| tree | 166e2051273fc89f50d6efac1c40a12cd7c077a7 /setup | |
| parent | 9557ccada4efe50d0f370019ad0b9f017fc7ebcf (diff) | |
Tweak AS registration check and AS component HTTP clients (#1785)
* Tweak AS registration check
* Check appservice usernames using correct function
* Update sytest-whitelist
* Use gomatrixserverlib.Client since that allows us to disable TLS validation using the config
* Add appservice-specific client and ability to control TLS validation for appservices only
* Set timeout on appservice client
* Review comments
* Remove dead code
* Enforce LoginTypeApplicationService after all
* Check correct auth type field
Diffstat (limited to 'setup')
| -rw-r--r-- | setup/base.go | 16 | ||||
| -rw-r--r-- | setup/config/config_appservice.go | 4 |
2 files changed, 20 insertions, 0 deletions
diff --git a/setup/base.go b/setup/base.go index e9aa2a45..f8a45409 100644 --- a/setup/base.go +++ b/setup/base.go @@ -290,6 +290,22 @@ func (b *BaseDendrite) CreateClient() *gomatrixserverlib.Client { return client } +// CreateAppserviceClient creates a new client for application services. +// It has a specific timeout and obeys TLS validation from the appservice +// config rather than the federation config. +func (b *BaseDendrite) CreateAppserviceClient() *gomatrixserverlib.Client { + opts := []gomatrixserverlib.ClientOption{ + gomatrixserverlib.WithSkipVerify(b.Cfg.AppServiceAPI.DisableTLSValidation), + gomatrixserverlib.WithTimeout(time.Second * 60), + } + if b.Cfg.Global.DNSCache.Enabled { + opts = append(opts, gomatrixserverlib.WithDNSCache(b.DNSCache)) + } + client := gomatrixserverlib.NewClient(opts...) + client.SetUserAgent(fmt.Sprintf("Dendrite/%s", internal.VersionString())) + return client +} + // CreateFederationClient creates a new federation client. Should only be called // once per component. func (b *BaseDendrite) CreateFederationClient() *gomatrixserverlib.FederationClient { diff --git a/setup/config/config_appservice.go b/setup/config/config_appservice.go index a042691d..a6f77abf 100644 --- a/setup/config/config_appservice.go +++ b/setup/config/config_appservice.go @@ -33,6 +33,10 @@ type AppServiceAPI struct { Database DatabaseOptions `yaml:"database"` + // DisableTLSValidation disables the validation of X.509 TLS certs + // on appservice endpoints. This is not recommended in production! + DisableTLSValidation bool `yaml:"disable_tls_validation"` + ConfigFiles []string `yaml:"config_files"` } |