Description

When constructing a Complement Docker image for Synapse, we generate a server certificate which contains only a Common Name but no Subject Alternative Name (SAN). Dendrite doesn't like this, so refuses to communicate with such a Synapse.

I encountered this problem because I'm fiddling with trying to extend Complement to support spinning up federations composed of multiple different HS implementations. Synapse <-> Synapse and Dendrite <-> Dendrite work fine, but Synapse <-> Dendrite configurations currently fail to communicate due to this.

So to solve this, we need to include a SAN in there. Generating a certificate with SAN using openssl is a bit fiddly but doable, though it looks to be impossible to achieve using just the command-line arguments, so we'd need to bundle an openssl config file. Another option would be to generate the server certificate using something other than the openssl utility, e.g. using Python's cryptography package.