Better document the intent of the insecure SSL setting

2015-09-09 13:26:23 +01:00 · 2015-09-09 13:26:23 +01:00 · ddfe30ba83
commit ddfe30ba83
parent 6485f03d91
1 changed files with 6 additions and 2 deletions
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@ -42,9 +42,13 @@ class TlsConfig(Config):
            config.get("tls_dh_params_path"), "tls_dh_params"
        )

+        # This config option applies to non-federation HTTP clients
+        # (e.g. for talking to recaptcha, identity servers, and such)
+        # It should never be used in production, and is intended for
+        # use only when running tests.
        self.use_insecure_ssl_client = config.get(
-            "i_really_want_to_ignore_ssl_certs_when_i_am_an_http_client_even_"
-            "though_it_is_woefully_insecure_because_i_hate_my_users", False)
+            "i_really_want_to_ignore_ssl_certs_when_i_am_an_https_client_even_"
+            "though_it_is_woefully_insecure_because_i_am_testing_i_promise", False)

    def default_config(self, config_dir_path, server_name):
        base_key_name = os.path.join(config_dir_path, server_name)