Enabling the use_insecure_ssl_client_just_for_testing_do_not_use config file option doesn't stop SimpleHttpClient (used in the OIDC handler in my case) from failing to connect to host. It also fails with a 504 which is its way of saying "invalid certificate", which is a bug on its own, but possibly not related.
Steps to reproduce
set up an OIDC provider that uses a self-signed SSL certificate
try to start up synapse
observe how it fails to start due to RequestTimedOutError
With use_insecure_ssl_client_just_for_testing_do_not_use enabled, I'd expect to have a normal interaction even with an untrusted server.
Version information
Homeserver: locally hosted instance
Version: develop as of the time of filing this issue, git describe --tags being v1.39.0rc2-736-g1d8b80b33
This issue has been migrated from #11437.
Description
Enabling the
use_insecure_ssl_client_just_for_testing_do_not_use
config file option doesn't stop SimpleHttpClient (used in the OIDC handler in my case) from failing to connect to host. It also fails with a 504 which is its way of saying "invalid certificate", which is a bug on its own, but possibly not related.Steps to reproduce
RequestTimedOutError
With
use_insecure_ssl_client_just_for_testing_do_not_use
enabled, I'd expect to have a normal interaction even with an untrusted server.Version information
develop
as of the time of filing this issue,git describe --tags
beingv1.39.0rc2-736-g1d8b80b33