wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #1844 from matrix-org/travis/fix-tls-fingerprints

Browse source 
Remove wrong references to TLS fingerprints
This commit is contained in:
Travis Ralston 2019-02-06 08:08:49 -07:00 committed by GitHub
commit ad6064aca6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
api/server-server/keys_server.yaml
View file

@ -27,7 +27,7 @@ paths:
get: get:
summary: Get the homeserver's public key(s) summary: Get the homeserver's public key(s)
description: |- description: |-
Gets the homeserver's published TLS fingerprints and signing keys. Gets the homeserver's published signing keys.
The homeserver may have any number of active keys and may have a The homeserver may have any number of active keys and may have a
number of old keys. number of old keys.

1
changelogs/server_server/newsfragments/1844.clarification Normal file
View file

@ -0,0 +1 @@
Remove legacy references to TLS fingerprints.

9
specification/server_server_api.rst
View file

@ -157,14 +157,14 @@ The process overall is as follows:
and a port of 8448, using a ``Host`` header of ``<delegated_hostname>``. and a port of 8448, using a ``Host`` header of ``<delegated_hostname>``.
The target server must present a valid certificate for ``<delegated_hostname>``. The target server must present a valid certificate for ``<delegated_hostname>``.
4. If the `/.well-known` request resulted in an error response, a server 4. If the ``/.well-known`` request resulted in an error response, a server
is found by resolving an SRV record for ``_matrix._tcp.<hostname>``. This is found by resolving an SRV record for ``_matrix._tcp.<hostname>``. This
may result in a hostname (to be resolved using AAAA or A records) and may result in a hostname (to be resolved using AAAA or A records) and
port. Requests are made to the resolved IP address and port, using 8448 port. Requests are made to the resolved IP address and port, using 8448
as a default port, with a ``Host`` header of ``<hostname>``. The target as a default port, with a ``Host`` header of ``<hostname>``. The target
server must present a valid certificate for ``<hostname>``. server must present a valid certificate for ``<hostname>``.
5. If the `/.well-known` request returned an error response, and the SRV 5. If the ``/.well-known`` request returned an error response, and the SRV
record was not found, an IP address is resolved using AAAA and A records. record was not found, an IP address is resolved using AAAA and A records.
Requests are made to the resolved IP address using port 8448 and a ``Host`` Requests are made to the resolved IP address using port 8448 and a ``Host``
header containing the ``<hostname>``. The target server must present a header containing the ``<hostname>``. The target server must present a
@ -220,12 +220,11 @@ server by querying other servers.
Publishing Keys Publishing Keys
+++++++++++++++ +++++++++++++++
Homeservers publish the allowed TLS fingerprints and signing keys in a JSON Homeservers publish their signing keys in a JSON
object at ``/_matrix/key/v2/server/{key_id}``. The response contains a list of object at ``/_matrix/key/v2/server/{key_id}``. The response contains a list of
``verify_keys`` that are valid for signing federation requests made by the ``verify_keys`` that are valid for signing federation requests made by the
homeserver and for signing events. It contains a list of ``old_verify_keys`` which homeserver and for signing events. It contains a list of ``old_verify_keys`` which
are only valid for signing events. Finally the response contains a list of TLS are only valid for signing events.
certificate fingerprints to validate any connection made to the homeserver.
{{keys_server_ss_http_api}} {{keys_server_ss_http_api}}