support for MSC1711 #4366

richvdh · 2019-01-08T17:11:52Z

enforce proper cert checking, with support for a whitelist of domains/netmasks that are exempt, and support for a custom CA trust list.

Blocked on getting people to switch over for now, but we could make it optional.

anoadragon453 · 2019-04-01T10:52:51Z

and support for a custom CA trust list.

Is this going to be in addition to the system's certs or in replacement of? Because I could see people wanting both things.

richvdh · 2019-04-01T10:57:33Z

replacement, in the first instance, I think. You can always add all the system CAs back into the trust list if you want.

anoadragon453 · 2019-05-09T16:16:23Z

Can this be closed now that #4967 has been merged?

richvdh added r0 P1 labels Jan 8, 2019

neilisfragile removed the v1.0 label Jan 16, 2019

hawkowl self-assigned this Jan 18, 2019

neilisfragile added v1.0 and removed r0 P1 labels Jan 24, 2019

richvdh mentioned this issue Feb 1, 2019

Specify .well-known s2s discovery and X.509 validation matrix-org/matrix-spec-proposals#1830

Merged

richvdh unassigned hawkowl Mar 20, 2019

neilisfragile assigned anoadragon453 Mar 28, 2019

anoadragon453 mentioned this issue Mar 28, 2019

Config option for verifying federation certificates (MSC 1711) #4967

Merged

4 tasks

anoadragon453 closed this as completed May 9, 2019

Provide feedback