diff --git a/0001-Use-TLSv1.2-for-fake-servers-in-tests.patch b/0001-Use-TLSv1.2-for-fake-servers-in-tests.patch
new file mode 100644
index 0000000..7e4fd98
--- /dev/null
+++ b/0001-Use-TLSv1.2-for-fake-servers-in-tests.patch
@@ -0,0 +1,35 @@
+From 3e752ec4544dadfd7e3cc96d77b8a30bec36c49a Mon Sep 17 00:00:00 2001
+From: Dan Callaghan
+Date: Sun, 30 Aug 2020 13:28:29 +1000
+Subject: [PATCH] Use TLSv1.2 for fake servers in tests
+
+Some Linux distros have begun disabling TLSv1.0 and TLSv1.1 by default
+for security reasons, for example in Fedora 33 onwards:
+
+https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
+
+Use TLSv1.2 for the fake TLS servers created in the test suite, to avoid
+failures due to OpenSSL disallowing TLSv1.0:
+
+
+---
+ tests/http/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/http/__init__.py b/tests/http/__init__.py
+index 2096ba3c9..7486d092b 100644
+--- a/tests/http/__init__.py
++++ b/tests/http/__init__.py
+@@ -145,7 +145,7 @@ def __init__(self, sanlist):
+ self._cert_file = create_test_cert_file(sanlist)
+
+ def serverConnectionForTLS(self, tlsProtocol):
+- ctx = SSL.Context(SSL.TLSv1_METHOD)
++ ctx = SSL.Context(SSL.TLSv1_2_METHOD)
+ ctx.use_certificate_file(self._cert_file)
+ ctx.use_privatekey_file(get_test_key_file())
+ return Connection(ctx, None)
+--
+2.26.2
+
diff --git a/matrix-synapse.spec b/matrix-synapse.spec
index 95220fd..c75e3d8 100644
--- a/matrix-synapse.spec
+++ b/matrix-synapse.spec
@@ -14,6 +14,8 @@ URL: https://github.com/matrix-org/%{srcname}
 Source0: %{url}/archive/v%{version}%{rcx}/%{srcname}-%{version}%{rcx}.tar.gz
 Source1: synapse.sysconfig
 Source2: synapse.service
+# https://github.com/matrix-org/synapse/pull/8208
+Patch1: 0001-Use-TLSv1.2-for-fake-servers-in-tests.patch
 BuildArch: noarch
 BuildRequires: python3-devel
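Review bot: `serverConnectionForTLS` in tests/http/__init__.py (the patch embedded in the first hunk) still hard-codes a single protocol version, because `SSL.TLSv1_2_METHOD` speaks TLS 1.2 only. The fixture will therefore fail the same way again once a crypto policy or a peer requires a newer version. A version-flexible context with an explicit floor is more durable: `ctx = SSL.Context(SSL.SSLv23_METHOD)` followed by `ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1)`, which negotiates TLS 1.2 or newer. A one-line comment above the context, such as `# test-only server: floor at TLS 1.2 to match distro crypto policies`, would record why the floor sits where it does. The enclosing class starts outside the hunk, so other uses of the fixture are not visible here.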