This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Check the TLS certificate matches the fingerprint in the key response when connecting to a server over federation (SYN-457) #1362

Closed
matrixbot opened this issue Aug 28, 2015 · 8 comments
Labels
Security z-feature (Deprecated Label)

Comments

@matrixbot
Member

(Imported from https://matrix.org/jira/browse/SYN-457)

(Reported by @NegativeMjark)

@matrixbot
Member Author

Jira watchers: @NegativeMjark @richvdh

@matrixbot
Member Author

matrixbot commented Aug 28, 2015

Links exported from Jira:

is duplicated by SYN-84
is duplicated by SYN-460
relates to #1377

@matrixbot
Member Author

why is this an important thing to do?

People are setting up their synapses with federation behind reverse-proxies and not telling synapse about the cert. If we ever fix it, we're going to break them. In the meantime, confusion reigns.

-- @richvdh

@matrixbot
Member Author

(how do we cope with replacing certs on the reverse-proxy?)

-- @richvdh

@matrixbot
Member Author

Apparently we check the TLS cert on first connection but not thereafter.

-- @richvdh

@matrixbot matrixbot added p1 z-feature (Deprecated Label) labels Nov 7, 2016
@matrixbot matrixbot changed the title Check the TLS certificate matches the fingerprint in the key response when connecting to a server over federation (SYN-457) Check the TLS certificate matches the fingerprint in the key response when connecting to a server over federation (https://github.com/matrix-org/synapse/issues/1362) Nov 7, 2016
@matrixbot matrixbot changed the title Check the TLS certificate matches the fingerprint in the key response when connecting to a server over federation (https://github.com/matrix-org/synapse/issues/1362) Check the TLS certificate matches the fingerprint in the key response when connecting to a server over federation (SYN-457) Nov 7, 2016
@ara4n
Member

ara4n commented Sep 26, 2018

see also matrix-org/matrix-doc#1685

@richvdh
Member

richvdh commented Nov 7, 2018

MSC1711 proposes that we should instead switch to verifying via Certificate Authorities.

@richvdh
Member

richvdh commented Jun 5, 2019

closing in favour of MSC1711 and #5349.
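
The check named in the issue title, as an added example that is not part of the original thread and is not Synapse's own code. It assumes the key response carries a `tls_fingerprints` list of `{"sha256": <unpadded base64 of SHA-256 over the DER certificate>}` entries (a layout not shown on this page); the helper names and the certificate byte strings are constructed for illustration.

```python
import base64
import hashlib
import hmac


def encode_unpadded_base64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii").rstrip("=")


def decode_unpadded_base64(text: str) -> bytes:
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)


def cert_matches_key_response(der_cert: bytes, key_response: dict) -> bool:
    """True only if SHA-256(der_cert) equals one published fingerprint."""
    presented = hashlib.sha256(der_cert).digest()
    matched = False
    for entry in key_response.get("tls_fingerprints") or []:
        try:
            published = decode_unpadded_base64(entry["sha256"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed entry: skip it, never count it as a match
        matched |= hmac.compare_digest(presented, published)
    return matched  # missing or empty list fails closed


# Constructed stand-ins for DER certificate bytes (not real certificates).
# On a live connection the bytes come from SSLSocket.getpeercert(binary_form=True).
SYNAPSE_CERT = b"constructed-der: cert configured in synapse"
PROXY_CERT = b"constructed-der: cert served by the reverse proxy"
ROTATED_CERT = b"constructed-der: replacement cert on the proxy"


def key_response_for(*certs: bytes) -> dict:
    """Build a constructed key response advertising the given certificates."""
    fps = [{"sha256": encode_unpadded_base64(hashlib.sha256(c).digest())} for c in certs]
    return {"server_name": "example.org", "tls_fingerprints": fps}


if __name__ == "__main__":
    advertised = key_response_for(SYNAPSE_CERT)
    print("direct connection:", cert_matches_key_response(SYNAPSE_CERT, advertised))
    # Reverse proxy presents a cert synapse was never told about: check fails.
    print("behind proxy:", cert_matches_key_response(PROXY_CERT, advertised))
    # Advertising old and new fingerprints together lets a cert be replaced.
    both = key_response_for(PROXY_CERT, ROTATED_CERT)
    print("after rotation:", cert_matches_key_response(ROTATED_CERT, both))
```
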
