Force TLS certificate verification in registration script. (#16530)

If using the script remotely, there's no particularly convincing reason
to disable certificate verification, as this makes the connection
interceptible.

If on the other hand, the script is used locally (the most common use
case), you can simply target the HTTP listener and avoid TLS altogether.
This is what the script already attempts to do if passed a homeserver
configuration YAML file.
This commit is contained in:
Denis Kasak 2023-10-23 11:38:51 +00:00 committed by GitHub
parent 12ca87f5ea
commit 3a0aa6fe76
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 2 deletions

1
changelog.d/16530.bugfix Normal file
View file

@ -0,0 +1 @@
Force TLS certificate verification in user registration script.

View file

@ -50,7 +50,7 @@ def request_registration(
url = "%s/_synapse/admin/v1/register" % (server_location.rstrip("/"),) url = "%s/_synapse/admin/v1/register" % (server_location.rstrip("/"),)
# Get the nonce # Get the nonce
r = requests.get(url, verify=False) r = requests.get(url)
if r.status_code != 200: if r.status_code != 200:
_print("ERROR! Received %d %s" % (r.status_code, r.reason)) _print("ERROR! Received %d %s" % (r.status_code, r.reason))
@ -88,7 +88,7 @@ def request_registration(
} }
_print("Sending registration request...") _print("Sending registration request...")
r = requests.post(url, json=data, verify=False) r = requests.post(url, json=data)
if r.status_code != 200: if r.status_code != 200:
_print("ERROR! Received %d %s" % (r.status_code, r.reason)) _print("ERROR! Received %d %s" % (r.status_code, r.reason))