-rw-r--r--core/certmanager.lua2
-rw-r--r--net/websocket/frames.lua39
-rw-r--r--plugins/mod_s2s/mod_s2s.lua1
-rw-r--r--plugins/mod_websocket.lua5
-rw-r--r--util/openssl.lua10
5 files changed, 46 insertions, 11 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 958ad3a3..05f0f809 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -101,6 +101,8 @@ local function create_context(host, mode, ...)
for option in pairs(path_options) do
if type(user_ssl_config[option]) == "string" then
user_ssl_config[option] = resolve_path(config_path, user_ssl_config[option]);
+ else
+ user_ssl_config[option] = nil;
end
end
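Review bot: The new `else` branch clears every non-string path option without telling the operator, so a value of the wrong type where a certificate, key or CA path was expected is dropped silently and the context is built without it. A warning for the non-nil case would make that visible, for example `elseif user_ssl_config[option] ~= nil then log("warn", "Ignoring non-string value for SSL option '%s'", option); user_ssl_config[option] = nil;`. That assumes a `log` function is in scope in this file, which the hunk does not show. create_context starts and ends outside the hunk.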
diff --git a/net/websocket/frames.lua b/net/websocket/frames.lua
index fa0e130d..737f46bb 100644
--- a/net/websocket/frames.lua
+++ b/net/websocket/frames.lua
@@ -10,10 +10,8 @@ local softreq = require "util.dependencies".softreq;
local log = require "util.logger".init "websocket.frames";
local random_bytes = require "util.random".bytes;
-local bit;
-pcall(function() bit = require"bit"; end);
-bit = bit or softreq"bit32"
-if not bit then log("error", "No bit module found. Either LuaJIT 2, lua-bitop or Lua 5.2 is required"); end
+local bit = assert(softreq"bit" or softreq"bit32",
+ "No bit module found. See https://prosody.im/doc/depends#bitop");
local band = bit.band;
local bor = bit.bor;
local bxor = bit.bxor;
@@ -24,6 +22,13 @@ local t_concat = table.concat;
local s_byte = string.byte;
local s_char= string.char;
local s_sub = string.sub;
+local s_pack = string.pack;
+local s_unpack = string.unpack;
+
+if not s_pack and softreq"struct" then
+ s_pack = softreq"struct".pack;
+ s_unpack = softreq"struct".unpack;
+end
local function read_uint16be(str, pos)
local l1, l2 = s_byte(str, pos, pos+1);
@@ -32,8 +37,9 @@ end
-- FIXME: this may lose precision
local function read_uint64be(str, pos)
local l1, l2, l3, l4, l5, l6, l7, l8 = s_byte(str, pos, pos+7);
- return lshift(l1, 56) + lshift(l2, 48) + lshift(l3, 40) + lshift(l4, 32)
- + lshift(l5, 24) + lshift(l6, 16) + lshift(l7, 8) + l8;
+ local h = lshift(l1, 24) + lshift(l2, 16) + lshift(l3, 8) + l4;
+ local l = lshift(l5, 24) + lshift(l6, 16) + lshift(l7, 8) + l8;
+ return h * 2^32 + l;
end
local function pack_uint16be(x)
return s_char(rshift(x, 8), band(x, 0xFF));
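Review bot: In the rewritten read_uint64be, `lshift(l1, 24)` and `lshift(l5, 24)` can come back negative when the byte is 0x80 or above, because LuaJIT's `bit` and lua-bitop return signed 32-bit results (bit32 does not). `h * 2^32 + l` can therefore yield a negative or too-small length for a peer-supplied frame header. Building each half with plain arithmetic avoids the signedness difference: `local h = l1 * 2^24 + l2 * 2^16 + l3 * 2^8 + l4;` and the same for `l`. The existing FIXME could also state that values above 2^53 are not exact. Whether callers bound the returned length is not visible here, and pack_uint16be continues outside the hunk.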
@@ -42,10 +48,29 @@ local function get_byte(x, n)
return band(rshift(x, n), 0xFF);
end
local function pack_uint64be(x)
- return s_char(rshift(x, 56), get_byte(x, 48), get_byte(x, 40), get_byte(x, 32),
+ local h = band(x / 2^32, 2^32-1);
+ return s_char(get_byte(h, 24), get_byte(h, 16), get_byte(h, 8), band(h, 0xFF),
get_byte(x, 24), get_byte(x, 16), get_byte(x, 8), band(x, 0xFF));
end
+if s_pack then
+ function pack_uint16be(x)
+ return s_pack(">I2", x);
+ end
+ function pack_uint64be(x)
+ return s_pack(">I8", x);
+ end
+end
+
+if s_unpack then
+ function read_uint16be(str, pos)
+ return s_unpack(">I2", str, pos);
+ end
+ function read_uint64be(str, pos)
+ return s_unpack(">I8", str, pos);
+ end
+end
+
local function parse_frame_header(frame)
if #frame < 2 then return; end
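Review bot: The `s_unpack`-based read_uint16be and read_uint64be return two values, the decoded integer and the next read position, whereas the byte-arithmetic versions they replace return one. A caller that uses the result as the last item in an argument list or table constructor would pick up the extra value. Truncating keeps both implementations interchangeable: `return (s_unpack(">I2", str, pos));` and likewise for `">I8"`. In the fallback pack_uint64be, `band(x / 2^32, 2^32-1)` passes a non-integral number to the bit library, whose rounding of such inputs is implementation-defined in lua-bitop; `band(math.floor(x / 2^32), 2^32-1)` makes the high word deterministic. parse_frame_header starts at the end of this hunk and continues outside it.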
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 597aec6c..a199d0ac 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -352,6 +352,7 @@ function stream_callbacks.streamopened(session, attr)
hosts[to].events.fire_event("s2s-stream-features", { origin = session, features = features });
else
(session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host");
+ fire_global_event("s2s-stream-features-legacy", { origin = session, features = features });
end
if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then
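Review bot: The warning on the line above the new `fire_global_event` call still says "we can't offer any features", which is no longer accurate once a handler of `s2s-stream-features-legacy` adds to `features`. The event fires for a peer that sent no 'to', so no local host is known at that point. A comment stating this would help handler authors, for example `-- no target host yet: handlers may only add host-independent features`. The log text should also be adjusted so it does not contradict what is sent to the peer. streamopened starts and ends outside the hunk.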
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index d3252980..418cd846 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -4,9 +4,11 @@
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
+-- luacheck: ignore 431/log
module:set_global();
+local add_task = require "util.timer".add_task;
local add_filter = require "util.filters".add_filter;
local sha1 = require "util.hashes".sha1;
local base64 = require "util.encodings".base64.encode;
@@ -24,6 +26,7 @@ local parse_close = websocket_frames.parse_close;
local t_concat = table.concat;
+local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5);
local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure");
local cross_domain = module:get_option("cross_domain_websocket");
if cross_domain then
@@ -128,7 +131,7 @@ local function filter_open_close(data)
return data;
end
-function handle_request(event, path)
+function handle_request(event)
local request, response = event.request, event.response;
local conn = response.conn;
diff --git a/util/openssl.lua b/util/openssl.lua
index ef3fba96..39fe99d6 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -18,8 +18,8 @@ function config.new()
return setmetatable({
req = {
distinguished_name = "distinguished_name",
- req_extensions = "v3_extensions",
- x509_extensions = "v3_extensions",
+ req_extensions = "certrequest",
+ x509_extensions = "selfsigned",
prompt = "no",
},
distinguished_name = {
@@ -31,12 +31,16 @@ function config.new()
commonName = "example.com",
emailAddress = "xmpp@example.com",
},
- v3_extensions = {
+ certrequest = {
basicConstraints = "CA:FALSE",
keyUsage = "digitalSignature,keyEncipherment",
extendedKeyUsage = "serverAuth,clientAuth",
subjectAltName = "@subject_alternative_name",
},
+ selfsigned = {
+ basicConstraints = "CA:TRUE",
+ subjectAltName = "@subject_alternative_name",
+ },
subject_alternative_name = {
DNS = {},
otherName = {},
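Review bot: The new `selfsigned` section sets `basicConstraints = "CA:TRUE"` and drops the `keyUsage` and `extendedKeyUsage` that `certrequest` keeps, so a generated self-signed certificate is an unconstrained CA. Any peer that imports it as trusted would also accept certificates for other names issued with the server's key. If CA:TRUE is needed for the certificate to act as its own trust anchor, `basicConstraints = "CA:TRUE,pathlen:0"` at least rules out subordinate CAs, and a comment should record why the usage extensions were left out. This also applies to the `x509_extensions = "selfsigned"` line in the previous hunk. config.new starts and ends outside the hunk.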