Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verification

changelog.d/5232.misc

-Run black on synapse.crypto.keyring.
+Preparatory work for key-validity features.

changelog.d/5234.misc

-Rewrite store_server_verify_key to store several keys at once.
+Preparatory work for key-validity features.

changelog.d/5235.misc

-Remove unused VerifyKey.expired and .time_added fields.
+Preparatory work for key-validity features.

changelog.d/5236.misc

-Simplify Keyring.process_v2_response.
+Preparatory work for key-validity features.
\ No newline at end of file

changelog.d/5237.misc

-Store key validity time in the storage layer.
+Preparatory work for key-validity features.

changelog.d/5244.misc

-Refactor synapse.crypto.keyring to use a KeyFetcher interface.
+Preparatory work for key-validity features.

changelog.d/5250.misc

-Simplification to Keyring.wait_for_previous_lookups.
+Preparatory work for key-validity features.

changelog.d/5284.misc

+Improve sample config for monthly active user blocking. 

changelog.d/5296.misc

-Refactor keyring.VerifyKeyRequest to use attr.s.
+Preparatory work for key-validity features.

changelog.d/5299.misc

-Rewrite get_server_verify_keys, again.
+Preparatory work for key-validity features.

changelog.d/5317.bugfix

+Fix handling of failures when processing incoming events where calling `/event_auth` on remote server fails.

changelog.d/5343.misc

-Rename VerifyKeyRequest.deferred field.
+Preparatory work for key-validity features.

changelog.d/5347.misc

-Various improvements to debug logging.
-
+Preparatory work for key-validity features.

changelog.d/5352.bugfix

+Fix room stats and presence background updates to correctly handle missing events.

changelog.d/5356.misc

+Preparatory work for key-validity features.

changelog.d/5357.doc

+Fix notes about ACME in the MSC1711 faq.

changelog.d/5360.feature

+Update /_matrix/client/versions to reference support for r0.5.0. 

changelog.d/5362.bugfix

+Fix `federation_custom_ca_list` configuration option.

docs/MSC1711_certificates_FAQ.md

@@ -145,12 +145,11 @@ You can do this with a `.well-known` file as follows:
  1. Keep the SRV record in place - it is needed for backwards compatibility
     with Synapse 0.34 and earlier.
 
- 2. Give synapse a certificate corresponding to the target domain
-    (`customer.example.net` in the above example). Currently Synapse's ACME
-    support [does not support
-    this](https://github.com/matrix-org/synapse/issues/4552), so you will have
-    to acquire a certificate yourself and give it to Synapse via
-    `tls_certificate_path` and `tls_private_key_path`.
+  2. Give Synapse a certificate corresponding to the target domain
+    (`customer.example.net` in the above example). You can either use Synapse's 
+    built-in [ACME support](./ACME.md) for this (via the `domain` parameter in 
+    the `acme` section), or acquire a certificate yourself and give it to 
+    Synapse via `tls_certificate_path` and `tls_private_key_path`.
 
  3. Restart Synapse to ensure the new certificate is loaded.
 

docs/sample_config.yaml

@@ -261,6 +261,22 @@ listeners:
 
 # Monthly Active User Blocking
 #
+# Used in cases where the admin or server owner wants to limit to the
+# number of monthly active users.
+#
+# 'limit_usage_by_mau' disables/enables monthly active user blocking. When
+# anabled and a limit is reached the server returns a 'ResourceLimitError'
+# with error type Codes.RESOURCE_LIMIT_EXCEEDED
+#
+# 'max_mau_value' is the hard limit of monthly active users above which
+# the server will start blocking user actions.
+#
+# 'mau_trial_days' is a means to add a grace period for active users. It
+# means that users must be active for this number of days before they
+# can be considered active and guards against the case where lots of users
+# sign up in a short space of time never to return after their initial
+# session.
+#
 #limit_usage_by_mau: False
 #max_mau_value: 50
 #mau_trial_days: 2