element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
GNU Affero General Public License v3.0

"Untrusted ID server" using https for ident server #6332

Closed stone212 closed 5 years ago

stone212 commented 6 years ago

### Description

Using riot-web for Linux, I am trying to create a new account on a recently installed Matrix/Synapse server. When I preface my id server with https, the result is this error message:

Untrusted ID server
'matrix.myserver.com'

(myserver.com is just a placeholder)

### Steps to reproduce

Follow the install instructions here: https://blog.cryptoaustralia.org.au/2017/03/21/run-your-end-to-end-encrypted-chat-server-matrix-riot/

Under "Time to Riot" enter your Home Server and Id server as in the graphic (with https).

Describe how what happens differs from what you expected.

The result is

Untrusted ID server
'matrix.myserver.com'

But I want riot.im to tell me that it has successfully created an account.

### Version information

riot-web Debian 9 Matrix server installed with these instructions on Ubuntu 16.04 and LetsEncrypt: https://blog.cryptoaustralia.org.au/2017/03/21/run-your-end-to-end-encrypted-chat-server-matrix-riot/

MTRNord commented 6 years ago

Synapse is NOT an identity server. It is just the homeserver. The identity server is used to make the user search possible, as it maps emails to the mxid. As those currently can't federate, vector.im is used by default. It doesn't get your password information.

stone212 commented 6 years ago

@MTRNord I don't know what you mean by "user search". I don't want to search for users. I want a server where invited members can chat.

You should not make my email or username available to 3rd parties without asking and prompting. Also the instructions I linked to specifically mention using the server you set up (in those instructions) as an identity server so I had a reason to think that my data would be safe.

This is terrible handling of user data.

jeremiah-k commented 6 years ago

Is there any way to self-host an identity server at this time?

t3chguy commented 6 years ago

Yes, host an instance of sydent or mxisd.

aaronraimist commented 5 years ago

Yes, as @MTRNord said, this isn't a bug. You don't have an identity server running on matrix.mydomain.com and that is what the error message is telling you.

If you want to host your own identity server you can run an instance of https://github.com/kamax-matrix/mxisd.

@lampholder close?