
Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve #3157

Merged
merged 6 commits into from
Apr 30, 2018
Changes from 4 commits
9 changes: 5 additions & 4 deletions synapse/crypto/context_factory.py
Expand Up @@ -13,8 +13,8 @@
# limitations under the License.

from twisted.internet import ssl
from OpenSSL import SSL
from twisted.internet._sslverify import _OpenSSLECCurve, _defaultCurveName
from OpenSSL import SSL, crypto
from twisted.internet._sslverify import _defaultCurveName
Member

I wonder if there is any way we can fix this gut-wrenching at the same time.


import logging

Expand All @@ -32,8 +32,9 @@ def __init__(self, config):
@staticmethod
def configure_context(context, config):
try:
_ecCurve = _OpenSSLECCurve(_defaultCurveName)
_ecCurve.addECKeyToContext(context)
_ecCurve = crypto.get_elliptic_curve(_defaultCurveName)
context.set_tmp_ecdh(_ecCurve)

except Exception:
logger.exception("Failed to enable elliptic curve for TLS")
context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
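Review bot: The new `crypto.get_elliptic_curve(_defaultCurveName)` and `context.set_tmp_ecdh(_ecCurve)` calls sit inside the `try` whose `except Exception` only logs, so any failure there leaves the context in use with no ECDH curve configured. On OpenSSL builds that do not pick a curve automatically, that presumably means the listener silently loses ECDHE (forward-secret) key exchange. Both APIs appear to have been introduced in pyOpenSSL 0.15, while `synapse/python_dependencies.py` on this page still declares `"pyopenssl>=0.14": ["OpenSSL>=0.14"]`, so a 0.14 install would hit the `AttributeError` path on every start. Raising the floor to `"pyopenssl>=0.15": ["OpenSSL>=0.15"]` (confirm the version against the pyOpenSSL changelog) would close that gap. A comment above the handler such as `# best-effort: on failure TLS continues without an explicit ECDH curve` would make the fail-open behaviour visible; `configure_context` continues outside the hunk.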
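--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -39,11 +39,7 @@
 "signedjson>=1.0.0": ["signedjson>=1.0.0"],
 "pynacl>=1.2.1": ["nacl>=1.2.1", "nacl.bindings"],
 "service_identity>=1.0.0": ["service_identity>=1.0.0"],
-
-# we break under Twisted 18.4
-# (https://github.com/matrix-org/synapse/issues/3135)
-"Twisted>=16.0.0,<18.4": ["twisted>=16.0.0"],
-
+"Twisted>=16.0.0": ["twisted>=16.0.0"],
 "pyopenssl>=0.14": ["OpenSSL>=0.14"],
 "pyyaml": ["yaml"],
 "pyasn1": ["pyasn1"],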