Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Don't try and fetch our own keys from ourselves #4024

Closed
#11129
Closed
Don't try and fetch our own keys from ourselves#4024
#11129
Assignees
H-Shay
Labels
A-FederationS-MinorBlocks non-critical functionality, workarounds exist.T-DefectBugs, crashes, hangs, security vulnerabilities, or other reported issues.z-p2(Deprecated Label)
@erikjohnston

Description

@erikjohnston
erikjohnston
opened on Oct 9, 2018

When we send an invite we need to check the returned invite's signatures. This eventually boils down to:

synapse/synapse/federation/federation_base.py

Lines 253 to 256 in 89a76d1

deferreds = keyring.verify_json_objects_for_server([
(p.event_id_domain, p.redacted_pdu_json)
for p in pdus_to_check
])

Which then tries and checks that the server has in fact signed it and its a valid signature.

Seemingly, for servers that have disabled perspectives, the server then tries and to fetch its own verify keys (which in the particular case I saw failed to fetch due to a mismatch in TLS certificates). It probably shouldn't bother trying to fetch its own keys.

Metadata

Metadata

Assignees

Labels

A-FederationS-MinorBlocks non-critical functionality, workarounds exist.T-DefectBugs, crashes, hangs, security vulnerabilities, or other reported issues.z-p2(Deprecated Label)

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions