aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* util.sasl: Add stub testsKim Alvefur2019-12-141-0/+43
| | | | Random uncommitted file I found when cleaning out my work dir
* util.error: Move default for numeric error code to net.http.serverKim Alvefur2019-12-142-2/+2
| | | | | | Stanza errors can also have numbers but these are a legacy thing and rarely used, except in MUC. HTTP errors on the other hand always have a number.
* mod_s2s: Fix name conflict introduced in c7864f970969Kim Alvefur2019-12-101-7/+7
|
* util.sasl.scram: Ignore unused authzid variable (strict lint)Kim Alvefur2019-12-091-0/+1
| | | | | It would be nice if authzid was passed down into the stack and could be used by plugins for things.
* .luacheckrc: Remove passing spec/ files from ignore listMatthew Wild2019-12-091-3/+0
|
* net.http.parser tests: Expand tests to include validation of resultsMatthew Wild2019-12-091-22/+86
|
* .luacheckrc: Remove passing file from ignore listMatthew Wild2019-12-091-1/+0
|
* configmanager tests: Split long lineMatthew Wild2019-12-091-1/+3
|
* util.x509: Fix recording of CommonNames in get_identitiesKim Alvefur2019-12-081-1/+1
| | | | | | | | | Don't worry, this function is not used by anything yet, this isn't a security issue. It'll be used by Prosody to pick the correct certificate for itself in the future. The `names` multitable is a collection of (name, service) pairs but it put them in the wrong order here.
* util.error: Write down some thoughts in commentsKim Alvefur2019-12-081-0/+7
|
* net.server_epoll: Use monotonic time for schedulingKim Alvefur2019-12-081-9/+11
| | | | Timer API of passing wallclock time remains
* net.server_epoll: Change timer rescheduling method to match util.timerKim Alvefur2019-12-081-2/+3
| | | | | Relative to current time instead of absolute time, in preparation for switching to monotonic time.
* net.server_epoll: Remove unused function for adding timer at absolute timeKim Alvefur2019-12-081-8/+3
| | | | This won't make sense if we switch to monotonic time
* mod_admin_telnet: Avoid using LuaSocket for timestampsKim Alvefur2019-12-081-2/+1
| | | | | Using util.time will make it easier to move away from LuaSocket if we ever wanted to do that.
* mod_saslauth: Set a nicer bounce error explaining SASL EXTERNAL failuresKim Alvefur2019-12-071-1/+4
| | | | | | | | Better than the previous string concatenation of SASL failure condition and optional text sent by the remote server. Would be nice to have a text per condition, other than the probably most common 'not-authorized'.
* mod_saslauth: Collect SASL EXTERNAL failures into an util.error objectKim Alvefur2019-12-071-5/+12
| | | | | Will be easier than that concatenated string to extract info out of for use elsewhere.
* net.server_epoll: Add debug logging for delayed readingKim Alvefur2019-12-071-0/+1
| | | | | | | | | | | | | | | | In :onreadable, if there is still buffered incoming data after reading from the socket (as indicated by the :dirty method, usually because LuaSocket has an 8k buffer that's full but it read a smaller amount), another attempt to read is scheduled via this :pausefor method. This is also called from some other places where it would be pointless to read because there shouldn't be any data. In the delayed read case, this should report that the socket is "dirty". If it reports that the socket is "clean" then the question is where the buffer contents went? If this doesn't get logged after the scheduled time (0.000001s by default) then this would suggests a problem with timer or scheduling.
* net.connect: Mention RFC 6724 regressionKim Alvefur2019-12-072-0/+2
| | | | | Default Address Selection algorithm is not applied, resulting in a strong bias towards IPv4.
* net.connect: Add some TODOs and FIXMEsKim Alvefur2019-12-073-1/+10
| | | | And mention issue numbers: #1246, #1428 and #1429
* mod_s2s: Invert condition to return early and reduce indentationKim Alvefur2019-12-041-26/+26
|
* mod_s2s: Fix mistake in 28755107c2f4Kim Alvefur2019-12-031-0/+1
|
* mod_saslauth: Advertise correct set of mechanismsKim Alvefur2019-12-021-1/+1
| | | | | | | | | Mistakenly iterates over the set of all supported mechanisms instead of the one without insecure mechanisms if the connection is insecure. Not a problem if c2s_require_encryption is true Introduced in 56a0f68b7797
* util.*.c: Add static qualifiers everywhereEmmanuel Gil Peyrot2019-12-016-52/+47
|
* util.encodings: Remove redundant castEmmanuel Gil Peyrot2019-12-011-1/+1
|
* util.encodings: Don’t export unneeded symbolsEmmanuel Gil Peyrot2019-12-011-8/+8
| | | | This reduces the binary size from 22704 B to 18592 B.
* mod_s2s: Refactor stream error handling on closeKim Alvefur2019-12-011-19/+14
| | | | | | Deduplicates the 3 log calls that log the same thing but subtly differently. The first one would say "Disconnecting localhost" and the last one didn't log the IP.
* mod_s2s: Use stanza type check instead of duck typingKim Alvefur2019-12-011-1/+1
|
* mod_net_multiplex: Remove debug messageKim Alvefur2019-12-011-1/+0
| | | | | This was something I added during development and set to info level for visibility.
* net.server_select: Remove prefix added to TLS handshaker errorsKim Alvefur2019-12-011-1/+1
| | | | For consistency. None of the other implementations do this.
* mod_s2s: Improve TLS handshake error messagesKim Alvefur2019-12-011-0/+4
| | | | | | This should make it clearer that it's about the TLS handshake. Otherwise it's something like "unsupported protocol" or "no shared ciphers" that might not be that obvious.
* mod_s2s: Log from session loggerKim Alvefur2019-11-301-1/+1
| | | | Helps locating all messages related to a specific session
* mod_s2s: Improve log message about forbidding insecure connectionsKim Alvefur2019-11-301-1/+1
| | | | This new wording generator is nice.
* mod_admin_telnet: Sort hostsKim Alvefur2019-11-301-1/+5
| | | | | | Groups by domain in DNS hierarchy order or something. Why not split on '.' you ask? Well becasue that's not what I typed here. Also "[^.]" is longer than "%P".
* mod_carbons: Improve performance by delaying creation of carbon payloadKim Alvefur2019-11-301-11/+15
| | | | | | If there are no other sessions which also enabled carbons then the carbons wrapper is not used and the potentially expensive clone operation was a waste of cycles.
* core.portmanager: Complete error message for SNI TLS context problemsKim Alvefur2019-11-301-1/+1
|
* tests: Disable s2s in scansion testsKim Alvefur2019-11-301-1/+4
| | | | These are all c2s tests, no need to have s2s enabled.
* mod_net_multiplex: Tweak debug logging for ALPN caseKim Alvefur2019-11-291-2/+1
|
* mod_net_multiplex: Add support for using ALPNKim Alvefur2019-11-296-3/+42
| | | | | | | Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose.
* net.http: Set ALPN on requestsKim Alvefur2019-11-291-1/+1
| | | | | | Shouldn't hurt. Revert if it turns out it does. Supported in LuaSec 0.8. Should be ignored otherwise.
* core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI ↵Kim Alvefur2019-11-292-10/+6
| | | | support)
* core.portmanager: Don't set the first TLS context with a cert as main contextKim Alvefur2019-11-291-4/+0
| | | | Don't think this works and it's apparently acceptable to require SNI these days.
* mod_admin_telnet: Display ALPN in show_tls() if supported and availableKim Alvefur2019-11-211-0/+6
|
* mod_http: Log served URLs at 'info' levelKim Alvefur2019-11-291-1/+1
| | | | | | These are similar to the "activated service" messages from portmanager and similarily useful for the service admin to know even if they're not debugging anything.
* mod_s2s: Prevent unhandled stanza handler from complaining about stream ↵Kim Alvefur2019-11-291-2/+2
| | | | | | features on aborted connections I have no idea why I wrote return false in e5945fb5b71f
* mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is setKim Alvefur2019-11-281-3/+5
| | | | Prevents some weirdness in cases where no authentication is done
* mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfiedKim Alvefur2019-11-281-0/+7
| | | | | This ensures the closure reason is accurate and not reported as an authentication or other problem
* mod_s2s: Send stream errors for cert problems on outgoing connectionsKim Alvefur2019-11-281-6/+7
| | | | Rationale in comment.
* mod_s2s: Improve error in bounces due to cert validation problemsKim Alvefur2019-11-271-3/+24
|
* mod_s2s_auth_certs: Save chain validation errors for later useKim Alvefur2019-11-271-0/+1
|
* net.websocket: Fix traceback in case of ondisconnect being called twiceMatthew Wild2019-11-261-0/+1
| | | | | We want to figure out what situations the double ondisconnect happens in, and aim to fix the root cause in the future.