8 files changed, 56 insertions, 19 deletions

diff --git a/core/portmanager.lua b/core/portmanager.lua
index 904c979c..88bd7b61 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -245,22 +245,26 @@ local function add_sni_host(host, service)
 	for name, interface, port, n, active_service --luacheck: ignore 213
 		in active_services:iter(service, nil, nil, nil) do
 		if active_service.server and active_service.tls_cfg then
+			local config_prefix = (active_service.config_prefix or name).."_";
+			if config_prefix == "_" then config_prefix = ""; end
+			local prefix_ssl_config = config.get(host, config_prefix.."ssl");
 			local alternate_host = name and config.get(host, name.."_host");
 			if not alternate_host and name == "https" then
 				-- TODO should this be some generic thing? e.g. in the service definition
 				alternate_host = config.get(host, "http_host");
 			end
-			local autocert = certmanager.find_host_cert(alternate_host or host);
-			local manualcert = active_service.tls_cfg;
-			local certificate = (autocert and autocert.certificate) or manualcert.certificate;
-			local key = (autocert and autocert.key) or manualcert.key;
-			local ok, err = active_service.server:sslctx():set_sni_host(
-				host,
-				certificate,
-				key
-			);
-			if not ok then
+			local ssl, err, cfg = certmanager.create_context(alternate_host or host, "server", prefix_ssl_config, active_service.tls_cfg);
+			if not ssl then
 				log("error", "Error creating TLS context for SNI host %s: %s", host, err);
+			else
+				local ok, err = active_service.server:sslctx():set_sni_host(
+					host,
+					cfg.certificate,
+					cfg.key
+					);
+				if not ok then
+					log("error", "Error creating TLS context for SNI host %s: %s", host, err);
+				end
 			end
 		end
 	end
diff --git a/doc/doap.xml b/doc/doap.xml
index 9c97ef1c..79bf8a2e 100644
--- a/doc/doap.xml
+++ b/doc/doap.xml
@@ -381,6 +381,15 @@
     </implements>
     <implements>
       <xmpp:SupportedXep>
+        <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0156.html"/>
+        <xmpp:version>1.4.0</xmpp:version>
+        <xmpp:since>13.0.0</xmpp:since>
+        <xmpp:status>complete</xmpp:status>
+        <xmpp:note>mod_http_altconnect</xmpp:note>
+      </xmpp:SupportedXep>
+    </implements>
+    <implements>
+      <xmpp:SupportedXep>
         <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0157.html"/>
         <xmpp:version>1.1.1</xmpp:version>
         <xmpp:since>0.10.0</xmpp:since>
@@ -717,6 +726,24 @@
     </implements>
     <implements>
       <xmpp:SupportedXep>
+        <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0333.html"/>
+        <xmpp:version>1.0.0</xmpp:version>
+        <xmpp:since>0.10.0</xmpp:since>
+        <xmpp:status>partial</xmpp:status>
+        <xmpp:note>Used in mod_mam and mod_muc</xmpp:note>
+      </xmpp:SupportedXep>
+    </implements>
+    <implements>
+      <xmpp:SupportedXep>
+        <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0334.html"/>
+        <xmpp:version>1.0.0</xmpp:version>
+        <xmpp:since>0.10.0</xmpp:since>
+        <xmpp:status>complete</xmpp:status>
+        <xmpp:note>Used in mod_carbons, mod_mam, and mod_muc</xmpp:note>
+      </xmpp:SupportedXep>
+    </implements>
+    <implements>
+      <xmpp:SupportedXep>
         <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0352.html"/>
         <xmpp:version>1.0.0</xmpp:version>
         <xmpp:since>0.11.0</xmpp:since>
diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua
index 28d758d0..c2b921b4 100644
--- a/plugins/mod_admin_shell.lua
+++ b/plugins/mod_admin_shell.lua
@@ -205,7 +205,13 @@ module:hook("admin/repl-requested-input", function (event)
 		event.origin.send(st.stanza("repl-result", { type = "error" }):text("Internal error - unexpected input"));
 		return true;
 	end
-	input_promise.resolve(event.stanza:get_text());
+	local status = event.stanza.attr.status or "submit";
+	local text = event.stanza:get_text();
+	if status == "submit" then
+		input_promise.resolve(text);
+	else
+		input_promise.reject(status == "cancel" and (text ~= "" and text)  or "cancelled");
+	end
 	return true;
 end);
 
diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua
index b57fc030..4eb49819 100644
--- a/plugins/mod_mam/mod_mam.lua
+++ b/plugins/mod_mam/mod_mam.lua
@@ -341,7 +341,6 @@ local function should_store(stanza) --> boolean, reason: string
 	end
 	if stanza:get_child("no-store", "urn:xmpp:hints")
 	or stanza:get_child("no-permanent-store", "urn:xmpp:hints") then
-		-- XXX Experimental XEP
 		return false, "hint";
 	end
 	if stanza:get_child("store", "urn:xmpp:hints") then
@@ -365,7 +364,6 @@ local function should_store(stanza) --> boolean, reason: string
 		return true, "receipt";
 	end
 	if stanza:get_child(nil, "urn:xmpp:chat-markers:0") then
-		-- XXX Experimental XEP
 		return true, "marker";
 	end
 	if stanza:get_child("x", "jabber:x:conference")
diff --git a/plugins/mod_roster.lua b/plugins/mod_roster.lua
index 5ffdfe1a..d167e11a 100644
--- a/plugins/mod_roster.lua
+++ b/plugins/mod_roster.lua
@@ -162,7 +162,7 @@ function subscribe(user_jid, contact_jid)
 		rostermanager.set_contact_pending_out(user_username, user_host, contact_jid);
 	end
 
-	if prosody.hosts[contact_host] then -- Sending to a local host?
+	if prosody.hosts[contact_host] and prosody.hosts[contact_host].type == "local" then -- Sending to a local host?
 		-- Update contact's roster to say subscription request is pending...
 		rostermanager.set_contact_pending_in(contact_username, contact_host, user_jid);
 		-- Update contact's roster to say subscription request approved...
diff --git a/plugins/muc/history.lib.lua b/plugins/muc/history.lib.lua
index 005bd1d8..f85decfb 100644
--- a/plugins/muc/history.lib.lua
+++ b/plugins/muc/history.lib.lua
@@ -204,7 +204,6 @@ module:hook("muc-message-is-historic", function (event)
 	local stanza = event.stanza;
 	if stanza:get_child("no-store", "urn:xmpp:hints")
 	or stanza:get_child("no-permanent-store", "urn:xmpp:hints") then
-		-- XXX Experimental XEP
 		return false, "hint";
 	end
 	if stanza:get_child("store", "urn:xmpp:hints") then
@@ -219,7 +218,6 @@ module:hook("muc-message-is-historic", function (event)
 		return true, "encrypted";
 	end
 	if stanza:get_child(nil, "urn:xmpp:chat-markers:0") then
-		-- XXX Experimental XEP
 		return true, "marker";
 	end
 end, -1);
diff --git a/util/adminstream.lua b/util/adminstream.lua
index 5387c906..8e32a91d 100644
--- a/util/adminstream.lua
+++ b/util/adminstream.lua
@@ -82,7 +82,8 @@ end
 
 local function session_close(session, reason)
 	local log = session.log or log;
-	if session.conn then
+	local conn = session.conn;
+	if conn then
 		if session.notopen then
 			session:open_stream();
 		end
@@ -115,7 +116,6 @@ local function session_close(session, reason)
 		session.log("debug", "c2s stream for %s closed: %s", session.full_jid or session.ip or "<unknown>", reason_text or "session closed");
 
 		-- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote
-		local conn = session.conn;
 		if reason_text == nil and not session.notopen and session.type == "c2s" then
 			-- Grace time to process data from authenticated cleanly-closed stream
 			add_task(stream_close_timeout, function ()
diff --git a/util/prosodyctl/shell.lua b/util/prosodyctl/shell.lua
index 31936989..4deb8615 100644
--- a/util/prosodyctl/shell.lua
+++ b/util/prosodyctl/shell.lua
@@ -134,7 +134,11 @@ local function start(arg) --luacheck: ignore 212/arg
 		end
 		if stanza.attr.type == "password" then
 			local password = human_io.read_password();
-			client.send(st.stanza("repl-requested-input", { type = stanza.attr.type, id = stanza.attr.id }):text(password));
+			client.send(st.stanza("repl-requested-input", {
+				type = stanza.attr.type;
+				id = stanza.attr.id;
+				status = password and "submit" or "cancel";
+			}):text(password or ""));
 		else
 			io.stderr:write("Internal error - unexpected input request type "..tostring(stanza.attr.type).."\n");
 			os.exit(1);