Merge 0.10->trunk

author: Kim Alvefur <zash@zash.se> 2014-11-20 15:01:47 +0100
committer: Kim Alvefur <zash@zash.se> 2014-11-20 15:01:47 +0100
commit: 1875a89b0269a92b965298f3ca9f234630e11721 (patch)
tree: 1942217f4c99d9e88151d983acabdd514ac04386
parent: 1717f1f2e18c51a7c3091f4a98f35db0b1de6860 (diff)
parent: 6d35997e95d6491c72dcfc4b1ecf782e7542fbe5 (diff)
download: prosody-1875a89b0269a92b965298f3ca9f234630e11721.tar.gz
prosody-1875a89b0269a92b965298f3ca9f234630e11721.zip
4 files changed, 36 insertions, 20 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 837fe231..3454fcc4 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -137,8 +137,10 @@ function create_context(host, mode, ...)
 		else
 			log("error", "SSL/TLS: Error initialising for %s: %s", host, err);
 		end
+	else
+		err = nil;
 	end
-	return ctx, err;
+	return ctx, err or user_ssl_config;
 end
 
 function reload_ssl_config()
diff --git a/net/http/parser.lua b/net/http/parser.lua
index d896dff4..6d7187da 100644
--- a/net/http/parser.lua
+++ b/net/http/parser.lua
@@ -132,7 +132,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
 								state, chunk_size = nil, nil;
 								buf = buf:gsub("^.-\r\n\r\n", ""); -- This ensure extensions and trailers are stripped
 								success_cb(packet);
-							elseif #buf - chunk_start + 2 >= chunk_size then -- we have a chunk
+							elseif #buf - chunk_start - 2 >= chunk_size then -- we have a chunk
 								packet.body = packet.body..buf:sub(chunk_start, chunk_start + (chunk_size-1));
 								buf = buf:sub(chunk_start + chunk_size + 2);
 								chunk_size, chunk_start = nil, nil;
@@ -140,11 +140,11 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
 								break;
 							end
 						elseif len and #buf >= len then
-                                                       if packet.code == 101 then
-                                                               packet.body, buf = buf, ""
-                                                       else
-                                                               packet.body, buf = buf:sub(1, len), buf:sub(len + 1);
-                                                       end
+							if packet.code == 101 then
+								packet.body, buf = buf, "";
+							else
+								packet.body, buf = buf:sub(1, len), buf:sub(len + 1);
+							end
 							state = nil; success_cb(packet);
 						else
 							break;
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index e42adbe1..7e9b0720 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -214,6 +214,10 @@ module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:abort", function(event)
 	return true;
 end);
 
+local function tls_unique(self)
+	return self.userdata["tls-unique"]:getpeerfinished();
+end
+
 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' };
 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' };
 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' };
@@ -223,19 +227,23 @@ module:hook("stream-features", function(event)
 		if secure_auth_only and not origin.secure then
 			return;
 		end
-		origin.sasl_handler = usermanager_get_sasl_handler(module.host, origin);
+		local sasl_handler = usermanager_get_sasl_handler(module.host, origin)
+		origin.sasl_handler = sasl_handler;
 		if origin.encrypted then
 			-- check wether LuaSec has the nifty binding to the function needed for tls-unique
 			-- FIXME: would be nice to have this check only once and not for every socket
-			if origin.conn:socket().getpeerfinished and origin.sasl_handler.add_cb_handler then
-				origin.sasl_handler:add_cb_handler("tls-unique", function(self)
-					return self.userdata:getpeerfinished();
-				end);
-				origin.sasl_handler["userdata"] = origin.conn:socket();
+			if sasl_handler.add_cb_handler then
+				local socket = origin.conn:socket();
+				if socket.getpeerfinished then
+					sasl_handler:add_cb_handler("tls-unique", tls_unique);
+				end
+				sasl_handler["userdata"] = {
+					["tls-unique"] = socket;
+				};
 			end
 		end
 		local mechanisms = st.stanza("mechanisms", mechanisms_attr);
-		for mechanism in pairs(origin.sasl_handler:mechanisms()) do
+		for mechanism in pairs(sasl_handler:mechanisms()) do
 			if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then
 				mechanisms:tag("mechanism"):text(mechanism):up();
 			end
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index f2d76c38..d9670d73 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -32,8 +32,9 @@ local hosts = prosody.hosts;
 local host = hosts[module.host];
 
 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
+local ssl_cfg_c2s, ssl_cfg_s2sout, ssl_cfg_s2sin;
 do
-	local NULL, err = {};
+	local NULL = {};
 	local global = module:context("*");
 	local parent = module:context(module.host:match("%.(.*)$"));
 
@@ -48,12 +49,14 @@ do
 	local parent_s2s = parent:get_option("s2s_ssl", NULL);
 	local host_s2s   = module:get_option("s2s_ssl", parent_s2s);
 
-	ssl_ctx_c2s, err = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
-	if err then module:log("error", "Error creating context for c2s: %s", err); end
+	ssl_ctx_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
+	if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", ssl_cfg_c2s); end
 
-	ssl_ctx_s2sin, err = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
-	ssl_ctx_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
-	if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue
+	ssl_ctx_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
+	if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", ssl_cfg_s2sin); end
+
+	ssl_ctx_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
+	if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", ssl_cfg_s2sin); end
 end
 
 local function can_do_tls(session)
@@ -64,10 +67,13 @@ local function can_do_tls(session)
 	end
 	if session.type == "c2s_unauthed" then
 		session.ssl_ctx = ssl_ctx_c2s;
+		session.ssl_cfg = ssl_cfg_c2s;
 	elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
 		session.ssl_ctx = ssl_ctx_s2sin;
+		session.ssl_cfg = ssl_cfg_s2sin;
 	elseif session.direction == "outgoing" and allow_s2s_tls then
 		session.ssl_ctx = ssl_ctx_s2sout;
+		session.ssl_cfg = ssl_cfg_s2sout;
 	else
 		return false;
 	end
author	Kim Alvefur <zash@zash.se>	2014-11-20 15:01:47 +0100
committer	Kim Alvefur <zash@zash.se>	2014-11-20 15:01:47 +0100
commit	1875a89b0269a92b965298f3ca9f234630e11721 (patch)
tree	1942217f4c99d9e88151d983acabdd514ac04386
parent	1717f1f2e18c51a7c3091f4a98f35db0b1de6860 (diff)
parent	6d35997e95d6491c72dcfc4b1ecf782e7542fbe5 (diff)
download	prosody-1875a89b0269a92b965298f3ca9f234630e11721.tar.gz prosody-1875a89b0269a92b965298f3ca9f234630e11721.zip