From 9a3e208a7baaeaf90c2db8505253a46240eed784 Mon Sep 17 00:00:00 2001
From: David Robertson
Date: Tue, 15 Nov 2022 14:00:10 +0000
Subject: [PATCH 1/3] Fix typechecking errors introduced in #14128
---
 synapse/app/_base.py | 2 +-
 synapse/app/generic_worker.py | 3 +++
 synapse/app/homeserver.py | 3 +++
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/synapse/app/_base.py b/synapse/app/_base.py
index 8f5b1a20f517..ab84b488595e 100644
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@@ -365,7 +365,7 @@ def listen_http(
 version_string: str,
 max_request_body_size: int,
 context_factory: IOpenSSLContextFactory,
- reactor: IReactorSSL = reactor,
+ reactor: ISynapseReactor = reactor,
 ) -> List[Port]:
 port = listener_config.port
 bind_addresses = listener_config.bind_addresses
diff --git a/synapse/app/generic_worker.py b/synapse/app/generic_worker.py
index 1d9aef45c24b..c0f4d5910b18 100644
--- a/synapse/app/generic_worker.py
+++ b/synapse/app/generic_worker.py
@@ -389,6 +389,9 @@ def _listen_http(self, listener_config: ListenerConfig) -> None:
 root_resource = create_resource_tree(resources, OptionsResource())
+ # tls_server_context_factory is set by `refresh_certificate`, not in the
+ # homeserver constructor. Reassure mypy that we have set a context factory.
+ assert self.tls_server_context_factory is not None
 _base.listen_http(
 listener_config,
 root_resource,
diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py
index 4f4fee4782f2..9500d590ff35 100644
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@@ -136,6 +136,9 @@ def _listener_http(
 else:
 root_resource = OptionsResource()
+ # tls_server_context_factory is set by `refresh_certificate`, not in the
+ # homeserver constructor. Reassure mypy that we have set a context factory.
+ assert self.tls_server_context_factory is not None
 ports = listen_http(
 listener_config,
 create_resource_tree(resources, root_resource),
From 28456883cd695683b91b56f6bb2d6b7b978f53ff Mon Sep 17 00:00:00 2001
From: David Robertson
Date: Tue, 15 Nov 2022 14:01:07 +0000
Subject: [PATCH 2/3] Changelog
---
 changelog.d/14455.misc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/14455.misc
diff --git a/changelog.d/14455.misc b/changelog.d/14455.misc
new file mode 100644
index 000000000000..29168ef95540
--- /dev/null
+++ b/changelog.d/14455.misc
@@ -0,0 +1 @@
+Add TLS support for generic worker endpoints.
From c1cc906cea3c91bece0b42289b21016699cedfc4 Mon Sep 17 00:00:00 2001
From: David Robertson
Date: Tue, 15 Nov 2022 15:58:28 +0000
Subject: [PATCH 3/3] Correct annotations so that context_factory works if you don't use TLS
---
 synapse/app/_base.py | 2 +-
 synapse/app/generic_worker.py | 3 ---
 synapse/app/homeserver.py | 3 ---
 synapse/server.py | 5 +++--
 4 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/synapse/app/_base.py b/synapse/app/_base.py
index ab84b488595e..41d2732ef96d 100644
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@@ -364,7 +364,7 @@ def listen_http(
 root_resource: Resource,
 version_string: str,
 max_request_body_size: int,
- context_factory: IOpenSSLContextFactory,
+ context_factory: Optional[IOpenSSLContextFactory],
 reactor: ISynapseReactor = reactor,
 ) -> List[Port]:
 port = listener_config.port
diff --git a/synapse/app/generic_worker.py b/synapse/app/generic_worker.py
index c0f4d5910b18..1d9aef45c24b 100644
--- a/synapse/app/generic_worker.py
+++ b/synapse/app/generic_worker.py
@@ -389,9 +389,6 @@ def _listen_http(self, listener_config: ListenerConfig) -> None:
 root_resource = create_resource_tree(resources, OptionsResource())
- # tls_server_context_factory is set by `refresh_certificate`, not in the
- # homeserver constructor. Reassure mypy that we have set a context factory.
- assert self.tls_server_context_factory is not None
 _base.listen_http(
 listener_config,
 root_resource,
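Review bot: In synapse/app/_base.py (PATCH 3/3), `listen_http` now accepts `context_factory: Optional[IOpenSSLContextFactory]`, but nothing visible in the hunk guards the case where a TLS listener is requested while the factory is `None`. The function body continues outside the hunk, so this may already be handled; if it is not, the branch that starts a TLS listener should fail closed with an explicit check such as `if context_factory is None: raise RuntimeError("TLS listener configured but no TLS context factory is set")` instead of depending on what the reactor does with `None`. A bare `assert` is weaker for this purpose because it is stripped under `python -O`. The same `None` can now reach this function from the call sites in generic_worker.py and homeserver.py, whose asserts this commit removes.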
diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py
index 9500d590ff35..4f4fee4782f2 100644
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@@ -136,9 +136,6 @@ def _listener_http(
 else:
 root_resource = OptionsResource()
- # tls_server_context_factory is set by `refresh_certificate`, not in the
- # homeserver constructor. Reassure mypy that we have set a context factory.
- assert self.tls_server_context_factory is not None
 ports = listen_http(
 listener_config,
 create_resource_tree(resources, root_resource),
diff --git a/synapse/server.py b/synapse/server.py
index c4e025af22ab..f0a60d00564d 100644
--- a/synapse/server.py
+++ b/synapse/server.py
@@ -221,8 +221,6 @@ class HomeServer(metaclass=abc.ABCMeta):
 # instantiated during setup() for future return by get_datastores()
 DATASTORE_CLASS = abc.abstractproperty()
- tls_server_context_factory: Optional[IOpenSSLContextFactory]
-
 def __init__(
 self,
 hostname: str,
@@ -258,6 +256,9 @@ def __init__(
 self._module_web_resources: Dict[str, Resource] = {}
 self._module_web_resources_consumed = False
+ # This attribute is set by the free function `refresh_certificate`.
+ self.tls_server_context_factory: Optional[IOpenSSLContextFactory] = None
+
 def register_module_web_resource(self, path: str, resource: Resource) -> None:
 """Allows a module to register a web resource to be served at the given path.
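Review bot: In synapse/server.py, the comment added above `self.tls_server_context_factory` in `__init__` names who sets the attribute but not what `None` means. After this change `None` covers both "refresh_certificate has not run yet" and, judging by the commit subject, "TLS is not in use". I would extend the comment to something like `# None until refresh_certificate() runs; presumably stays None when no TLS listener is configured, so check before use.` Before this hunk the attribute was only declared on the class, so an early read would presumably have raised AttributeError; with the `None` default it no longer does, which callers should be told. `__init__` starts and ends outside the hunk.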