From b01906263409dad09a59bb860794a96ec71d6af2 Mon Sep 17 00:00:00 2001
From: Eric Eastwood <contact@ericeastwood.com>
Date: Thu, 6 Jul 2023 09:51:06 -0500
Subject: [PATCH 1/2] Fix TLS when using the `ProxyAgent`

Same fix as https://github.com/matrix-org/synapse/pull/15746

Thanks to @realtyem for pointing it out!

`creatorForNetloc(...)` doesn't come with typing and expects `host`
to be `bytes` instead of a `str`.

`ProxyAgent` was introduced with the federation outbound proxy:
https://github.com/matrix-org/synapse/pull/15773
---
 synapse/http/proxyagent.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/synapse/http/proxyagent.py b/synapse/http/proxyagent.py
index 1fa3adbef20c..fd418fc22512 100644
--- a/synapse/http/proxyagent.py
+++ b/synapse/http/proxyagent.py
@@ -152,7 +152,7 @@ def __init__(
 
                 if federation_proxy.tls:
                     tls_connection_creator = self._policy_for_https.creatorForNetloc(
-                        federation_proxy.host,
+                        federation_proxy.host.encode("utf-8"),
                         federation_proxy.port,
                     )
                     endpoint = wrapClientTLS(tls_connection_creator, endpoint)

From b3271f5b69297fc767bfcb75056b296269cc231a Mon Sep 17 00:00:00 2001
From: Eric Eastwood <contact@ericeastwood.com>
Date: Thu, 6 Jul 2023 09:55:28 -0500
Subject: [PATCH 2/2] Same changelog as #15773

---
 changelog.d/15886.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/15886.feature

diff --git a/changelog.d/15886.feature b/changelog.d/15886.feature
new file mode 100644
index 000000000000..0d77fae2dc68
--- /dev/null
+++ b/changelog.d/15886.feature
@@ -0,0 +1 @@
+Allow configuring the set of workers to proxy outbound federation traffic through via `outbound_federation_restricted_to`.