Skip to content

Commit

Permalink
Turn off certificate verification for Synapse temporarily
Browse files Browse the repository at this point in the history 
This is necessary until homeserver containers can get access
to the dummy CA that's used to create the certificate complement
federation instances are using. Synapse can't trust those entities
over federation until this happens, so disable verification for now.

A proper fix should be possible after #28 or similar lands.
  • Loading branch information
@anoadragon453
anoadragon453 committed Nov 4, 2020
1 parent ffc6f3b commit 5d584cd
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions dockerfiles/synapse/homeserver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,12 @@ database:

## Federation ##

# disable verification of federation certificates
#
# TODO: this is temporary until https://github.com/matrix-org/complement/pull/28 lands and
# allows homeservers spun up by complement access to the complement CA certificate to trust
federation_verify_certificates: false

# trust certs signed by the dummy CA
federation_custom_ca_list:
- /ca/ca.crt
Expand Down

0 comments on commit 5d584cd

Please sign in to comment.