search

matrix-org / synapse-s3-storage-provider

Synapse storage provider to fetch and store media in Amazon S3
Apache License 2.0
132 stars 36 forks source link

Add configuration to use a different CA cert bundle or disable verification #101

Open AlekseyIvanov199 opened 1 year ago

AlekseyIvanov199 commented 1 year ago

Applyed this commit you can get ability set off SSL verify for botocore (SSL will still be used (unless use_ssl is False)), or you can specify ca.pem file in config if you want to use a different CA cert bundle than the one used by botocore

col-panic commented 2 months ago

Waiting for this, just seeing the following message in the logs

synapse-1  | 2024-09-19T13:03:08.355090777Z botocore.exceptions.SSLError: SSL validation failed for https://192.168.54.3:9000/elexis-environment/synapse/remote_content/medelexis.ch/tu/bx/YPJNVttkDNDCRDbkwyJb [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)
col-panic commented 2 months ago

@clokep your proposed changes seem rather straightforward, if @AlekseyIvanov199 can not find the time to integrate those, maybe you could directly patch them? It would be great to have this code included! Thank you guys!

col-panic commented 1 month ago

bump - please integrate this. I tested it on my site, and it works as expected!

col-panic commented 4 days ago

bump - please consider integrating this. @AlekseyIvanov199 do you mind integrating @clokep s changes? @clokep if there is no feedback from @AlekseyIvanov199 , are you willing to ingerate it if I do a new fork and branch with your required changes? Thank you both!

col-panic commented 3 days ago

@vlaborie sorry to cold call you into this, but it seems that @clokep is dormant and you are actively commiting - would you mind integrating this or give a statement of non-acceptance? The problem is, that I always have to manually patch this after updates happend, and it would be much more convenient to have it integrated!

vlaborie commented 3 days ago

@vlaborie sorry to cold call you into this, but it seems that @clokep is dormant and you are actively commiting - would you mind integrating this or give a statement of non-acceptance? The problem is, that I always have to manually patch this after updates happend, and it would be much more convenient to have it integrated!

@col-panic i have only sent one PR, i have no maintainer nor review privileges on this repository.