Merge 0.10->trunk

5 files changed, 46 insertions, 11 deletions

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 958ad3a3..05f0f809 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -101,6 +101,8 @@ local function create_context(host, mode, ...)
 	for option in pairs(path_options) do
 		if type(user_ssl_config[option]) == "string" then
 			user_ssl_config[option] = resolve_path(config_path, user_ssl_config[option]);
+		else
+			user_ssl_config[option] = nil;
 		end
 	end
 
diff --git a/net/websocket/frames.lua b/net/websocket/frames.lua
index fa0e130d..737f46bb 100644
--- a/net/websocket/frames.lua
+++ b/net/websocket/frames.lua
@@ -10,10 +10,8 @@ local softreq = require "util.dependencies".softreq;
 local log = require "util.logger".init "websocket.frames";
 local random_bytes = require "util.random".bytes;
 
-local bit;
-pcall(function() bit = require"bit"; end);
-bit = bit or softreq"bit32"
-if not bit then log("error", "No bit module found. Either LuaJIT 2, lua-bitop or Lua 5.2 is required"); end
+local bit = assert(softreq"bit" or softreq"bit32",
+	"No bit module found. See https://prosody.im/doc/depends#bitop");
 local band = bit.band;
 local bor = bit.bor;
 local bxor = bit.bxor;
@@ -24,6 +22,13 @@ local t_concat = table.concat;
 local s_byte = string.byte;
 local s_char= string.char;
 local s_sub = string.sub;
+local s_pack = string.pack;
+local s_unpack = string.unpack;
+
+if not s_pack and softreq"struct" then
+	s_pack = softreq"struct".pack;
+	s_unpack = softreq"struct".unpack;
+end
 
 local function read_uint16be(str, pos)
 	local l1, l2 = s_byte(str, pos, pos+1);
@@ -32,8 +37,9 @@ end
 -- FIXME: this may lose precision
 local function read_uint64be(str, pos)
 	local l1, l2, l3, l4, l5, l6, l7, l8 = s_byte(str, pos, pos+7);
-	return lshift(l1, 56) + lshift(l2, 48) + lshift(l3, 40) + lshift(l4, 32)
-		+ lshift(l5, 24) + lshift(l6, 16) + lshift(l7, 8) + l8;
+	local h = lshift(l1, 24) + lshift(l2, 16) + lshift(l3, 8) + l4;
+	local l = lshift(l5, 24) + lshift(l6, 16) + lshift(l7, 8) + l8;
+	return h * 2^32 + l;
 end
 local function pack_uint16be(x)
 	return s_char(rshift(x, 8), band(x, 0xFF));
@@ -42,10 +48,29 @@ local function get_byte(x, n)
 	return band(rshift(x, n), 0xFF);
 end
 local function pack_uint64be(x)
-	return s_char(rshift(x, 56), get_byte(x, 48), get_byte(x, 40), get_byte(x, 32),
+	local h = band(x / 2^32, 2^32-1);
+	return s_char(get_byte(h, 24), get_byte(h, 16), get_byte(h, 8), band(h, 0xFF),
 		get_byte(x, 24), get_byte(x, 16), get_byte(x, 8), band(x, 0xFF));
 end
 
+if s_pack then
+	function pack_uint16be(x)
+		return s_pack(">I2", x);
+	end
+	function pack_uint64be(x)
+		return s_pack(">I8", x);
+	end
+end
+
+if s_unpack then
+	function read_uint16be(str, pos)
+		return s_unpack(">I2", str, pos);
+	end
+	function read_uint64be(str, pos)
+		return s_unpack(">I8", str, pos);
+	end
+end
+
 local function parse_frame_header(frame)
 	if #frame < 2 then return; end
 
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 597aec6c..a199d0ac 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -352,6 +352,7 @@ function stream_callbacks.streamopened(session, attr)
 				hosts[to].events.fire_event("s2s-stream-features", { origin = session, features = features });
 			else
 				(session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host");
+				fire_global_event("s2s-stream-features-legacy", { origin = session, features = features });
 			end
 
 			if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index d3252980..418cd846 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -4,9 +4,11 @@
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
 --
+-- luacheck: ignore 431/log
 
 module:set_global();
 
+local add_task = require "util.timer".add_task;
 local add_filter = require "util.filters".add_filter;
 local sha1 = require "util.hashes".sha1;
 local base64 = require "util.encodings".base64.encode;
@@ -24,6 +26,7 @@ local parse_close = websocket_frames.parse_close;
 
 local t_concat = table.concat;
 
+local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5);
 local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure");
 local cross_domain = module:get_option("cross_domain_websocket");
 if cross_domain then
@@ -128,7 +131,7 @@ local function filter_open_close(data)
 
 	return data;
 end
-function handle_request(event, path)
+function handle_request(event)
 	local request, response = event.request, event.response;
 	local conn = response.conn;
 
diff --git a/util/openssl.lua b/util/openssl.lua
index ef3fba96..39fe99d6 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -18,8 +18,8 @@ function config.new()
 	return setmetatable({
 		req = {
 			distinguished_name = "distinguished_name",
-			req_extensions = "v3_extensions",
-			x509_extensions = "v3_extensions",
+			req_extensions = "certrequest",
+			x509_extensions = "selfsigned",
 			prompt = "no",
 		},
 		distinguished_name = {
@@ -31,12 +31,16 @@ function config.new()
 			commonName = "example.com",
 			emailAddress = "xmpp@example.com",
 		},
-		v3_extensions = {
+		certrequest = {
 			basicConstraints = "CA:FALSE",
 			keyUsage = "digitalSignature,keyEncipherment",
 			extendedKeyUsage = "serverAuth,clientAuth",
 			subjectAltName = "@subject_alternative_name",
 		},
+		selfsigned = {
+			basicConstraints = "CA:TRUE",
+			subjectAltName = "@subject_alternative_name",
+		},
 		subject_alternative_name = {
 			DNS = {},
 			otherName = {},