From b8125f96438bcf9a6fed2a86a60dbb374397d902 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolai=20S=C3=B8borg?= <git@xn--sb-lka.org>
Date: Wed, 17 Nov 2021 22:01:09 +0100
Subject: [PATCH 1/3] Quote wildcard
 `federation_certificate_verification_whitelist`
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Otherwise I get this beautiful stacktrace:

```
python3 -m synapse.app.homeserver --config-path /etc/matrix/homeserver.yaml
Traceback (most recent call last):
  File "/usr/lib/python3.8/runpy.py", line 194, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/root/synapse/synapse/app/homeserver.py", line 455, in <module>
    main()
  File "/root/synapse/synapse/app/homeserver.py", line 445, in main
    hs = setup(sys.argv[1:])
  File "/root/synapse/synapse/app/homeserver.py", line 345, in setup
    config = HomeServerConfig.load_or_generate_config(
  File "/root/synapse/synapse/config/_base.py", line 671, in load_or_generate_config
    config_dict = read_config_files(config_files)
  File "/root/synapse/synapse/config/_base.py", line 717, in read_config_files
    yaml_config = yaml.safe_load(file_stream)
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/__init__.py", line 125, in safe_load
    return load(stream, SafeLoader)
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/__init__.py", line 81, in load
    return loader.get_single_data()
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/constructor.py", line 49, in get_single_data
    node = self.get_single_node()
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 36, in get_single_node
    document = self.compose_document()
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 55, in compose_document
    node = self.compose_node(None, None)
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 82, in compose_node
    node = self.compose_sequence_node(anchor)
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 110, in compose_sequence_node
    while not self.check_event(SequenceEndEvent):
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/parser.py", line 98, in check_event
    self.current_event = self.state()
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/parser.py", line 379, in parse_block_sequence_first_entry
    return self.parse_block_sequence_entry()
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/parser.py", line 384, in parse_block_sequence_entry
    if not self.check_token(BlockEntryToken, BlockEndToken):
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/scanner.py", line 116, in check_token
    self.fetch_more_tokens()
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/scanner.py", line 227, in fetch_more_tokens
    return self.fetch_alias()
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/scanner.py", line 610, in fetch_alias
    self.tokens.append(self.scan_anchor(AliasToken))
  File "/root/synapse/env/lib/python3.8/site-packages/yaml/scanner.py", line 922, in scan_anchor
    raise ScannerError("while scanning an %s" % name, start_mark,
yaml.scanner.ScannerError: while scanning an alias
  in "/etc/matrix/homeserver.yaml", line 614, column 5
expected alphabetic or numeric character, but found '.'
  in "/etc/matrix/homeserver.yaml", line 614, column 6
```

Signed-off-by: Nicolai Søborg <git@xn--sb-lka.org>
---
 docs/sample_config.yaml | 4 ++--
 synapse/config/tls.py   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index d48c08f1d95f..3c931468aafe 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -647,8 +647,8 @@ retention:
 #
 #federation_certificate_verification_whitelist:
 #  - lon.example.com
-#  - *.domain.com
-#  - *.onion
+#  - "*.domain.com"
+#  - "*.onion"
 
 # List of custom certificate authorities for federation traffic.
 #
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 6227434bac68..613faca6587e 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -263,8 +263,8 @@ def generate_config_section(
         #
         #federation_certificate_verification_whitelist:
         #  - lon.example.com
-        #  - *.domain.com
-        #  - *.onion
+        #  - "*.domain.com"
+        #  - "*.onion"
 
         # List of custom certificate authorities for federation traffic.
         #

From 8e2457a4d1aa9d683beb0015ec45a28cec6b9c49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolai=20S=C3=B8borg?= <git@xn--sb-lka.org>
Date: Wed, 17 Nov 2021 22:07:48 +0100
Subject: [PATCH 2/3] Add changelog file for PR 11381
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Nicolai Søborg <git@xn--sb-lka.org>
---
 changelog.d/11381.doc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/11381.doc

diff --git a/changelog.d/11381.doc b/changelog.d/11381.doc
new file mode 100644
index 000000000000..afaccd78baeb
--- /dev/null
+++ b/changelog.d/11381.doc
@@ -0,0 +1 @@
+Quote wildcard `federation_certificate_verification_whitelist` in config

From 370b72f4c2ce1088db9fa6712027cef09e8c54e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolai=20S=C3=B8borg?= <git@xn--sb-lka.org>
Date: Thu, 18 Nov 2021 08:33:31 +0100
Subject: [PATCH 3/3] Docs: Improve changelog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Nicolai Søborg <git@xn--sb-lka.org>
---
 changelog.d/11381.doc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/changelog.d/11381.doc b/changelog.d/11381.doc
index afaccd78baeb..f99a432418a6 100644
--- a/changelog.d/11381.doc
+++ b/changelog.d/11381.doc
@@ -1 +1 @@
-Quote wildcard `federation_certificate_verification_whitelist` in config
+Fix missing quotes for wildcard domains in `federation_certificate_verification_whitelist`.