mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-14 11:57:44 +00:00
Force TLS certificate verification in registration script. (#16530)
If using the script remotely, there's no particularly convincing reason to disable certificate verification, as this makes the connection interceptible. If on the other hand, the script is used locally (the most common use case), you can simply target the HTTP listener and avoid TLS altogether. This is what the script already attempts to do if passed a homeserver configuration YAML file.
This commit is contained in:
parent
12ca87f5ea
commit
3a0aa6fe76
2 changed files with 3 additions and 2 deletions
1
changelog.d/16530.bugfix
Normal file
1
changelog.d/16530.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Force TLS certificate verification in user registration script.
|
|
@ -50,7 +50,7 @@ def request_registration(
|
||||||
url = "%s/_synapse/admin/v1/register" % (server_location.rstrip("/"),)
|
url = "%s/_synapse/admin/v1/register" % (server_location.rstrip("/"),)
|
||||||
|
|
||||||
# Get the nonce
|
# Get the nonce
|
||||||
r = requests.get(url, verify=False)
|
r = requests.get(url)
|
||||||
|
|
||||||
if r.status_code != 200:
|
if r.status_code != 200:
|
||||||
_print("ERROR! Received %d %s" % (r.status_code, r.reason))
|
_print("ERROR! Received %d %s" % (r.status_code, r.reason))
|
||||||
|
@ -88,7 +88,7 @@ def request_registration(
|
||||||
}
|
}
|
||||||
|
|
||||||
_print("Sending registration request...")
|
_print("Sending registration request...")
|
||||||
r = requests.post(url, json=data, verify=False)
|
r = requests.post(url, json=data)
|
||||||
|
|
||||||
if r.status_code != 200:
|
if r.status_code != 200:
|
||||||
_print("ERROR! Received %d %s" % (r.status_code, r.reason))
|
_print("ERROR! Received %d %s" % (r.status_code, r.reason))
|
||||||
|
|
Loading…
Reference in a new issue