aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* util.dependencies: Check for bitop library same way as net.websocket.frames ↵Kim Alvefur2020-10-051-1/+1
| | | | (fixes #1594)
* MUC: Correct advertising of subject write access (really fixes #1155)Kim Alvefur2020-10-041-2/+2
| | | | | | | | | | Thanks pep. and lovetox XEP-0045 §6.4: > any field defined for the muc\#roomconfig FORM_TYPE can be included in > the extended service discovery fields Probably happened because the same mistake is in #1155
* mod_bosh: Ensure that stream is directed to a VirtualHost (fixes #425)Kim Alvefur2020-10-031-0/+16
|
* mod_bosh: Pick out the 'wait' before checking it instead of earlierKim Alvefur2020-10-031-1/+2
| | | | | Going to add more host related checks, so to keep the wait variable closer to the related checks
* Added tag 0.11.7 for changeset ece430d49809Matthew Wild2020-10-010-0/+0
|
* mod_c2s,mod_s2s: Make stanza size limits configurable0.11.7Kim Alvefur2020-05-312-2/+4
|
* MergeMatthew Wild2020-09-305-85/+434
|\
| * mod_websocket: Refactor frame validity checking, also check ↵Matthew Wild2020-09-291-77/+95
| | | | | | | | partially-received frames against constraints
| * net.websocket.frames: Additionally return partial frame if there is oneMatthew Wild2020-09-291-1/+1
| |
| * mod_websocket: Continue to process data already in the buffer after an error ↵Matthew Wild2020-09-281-1/+1
| | | | | | | | | | | | | | | | | | | | occurs Previously any error, or even a normal websocket close frame, would return early, leaving potentially entire frames in the buffer unprocessed and then discarded. This change stops processing new data, but returns an existing processed data up to the point of the error/close.
| * mod_websocket: Enforce stanza size limit and close streamMatthew Wild2020-09-171-0/+4
| |
| * mod_websocket: Add separate limit for frame buffer sizeMatthew Wild2020-09-171-2/+2
| |
| * mod_websocket: handle full frame buffer and raise stream errorMatthew Wild2020-09-171-1/+5
| |
| * mod_websocket: Switch partial frame buffering to util.dbufferMatthew Wild2020-09-172-5/+10
| | | | | | | | | | This improves performance and enforces stanza size limits earlier in the pipeline.
| * net.websocket.frames: Allow all methods to work on non-string objectsMatthew Wild2020-09-171-10/+15
| | | | | | | | | | | | | | | | Instead of using the string library, use methods from the passed object, which are assumed to be equivalent. This provides compatibility with objects from util.ringbuffer and util.dbuffer, for example.
| * util.dbuffer: Simplify test caseKim Alvefur2020-08-241-0/+130
| | | | | | | | | | | | | | | | | | An earlier theory involved the bug being related to collapsing multiple items, so it exercised that too. Also correct the comment, it referred to the space in "hello world" in an earlier version before the test string was changed to "foobar", which was what was tested in a REPL
| * util.dbuffer: Fix :sub() not working with partially-consumed chunks (thanks ↵Matthew Wild2020-08-241-0/+176
| | | | | | | | | | | | Zash for test case) This also appears to fix some bugs with chunk-encoded streams in net.http.parser.
| * util.dbuffer: dynamic string bufferMatthew Wild2020-06-261-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Similar to util.ringbuffer (and shares almost identical API). Differences: - size limit is optional and dynamic - does not allocate a fixed buffer of max_size bytes - focus on simply storing references to existing string objects where possible, avoiding unnecessary allocations - references are still stored in a ring buffer to enable use as a fast FIFO Optional second parameter to new() provides the number of ring buffer segments. On Lua 5.2 on my laptop, a segment is ~19 bytes. If the ring buffer fills up, the next write will compact all strings into a single item.
* | util.indexedbheap: Fix heap datastructure corruption in ↵Waqas Hussain2020-09-292-1/+34
|/ | | | :reschedule(smaller_value)
* util.startup: Configure the GC on startup, using the config or built-in defaultsMatthew Wild2020-06-151-0/+17
|
* util.gc: Linter fixes [luacheck]Matthew Wild2020-06-151-2/+1
|
* util.gc: New module for configuring the Lua garbage collectorMatthew Wild2020-06-151-0/+50
|
* net.http: Add feature discovery (currently just contains SNI)Matthew Wild2020-09-151-0/+3
|
* net.server: Backport client parts of SNI support from trunk (#409)Kim Alvefur2020-08-174-16/+42
| | | | | | | | | | Partial backports of the following commits from trunk: 6c804b6b2ca2 net.http: Pass server name along for SNI (fixes #1408) 75d2874502c3 net.server_select: SNI support (#409) 9a905888b96c net.server_event: Add SNI support (#409) adc0672b700e net.server_epoll: Add support for SNI (#409) d4390c427a66 net.server: Handle server name (SNI) as extra argument
* Added tag 0.11.6 for changeset bacca65ce107Matthew Wild2020-09-090-0/+0
|
* mod_s2s: Escape invalid XML in loggin (same way as mod_c2s) fix #15740.11.6Kim Alvefur2020-08-011-2/+1
|
* net.http: Add request:cancel() methodMatthew Wild2020-08-081-0/+11
| | | | | | | | | | This is a new API that should be used in preference to http.destroy_request() when possible, as it ensures the callback is always called (with an error of course). APIs that have edge-cases where they don't call callbacks have, from experience, shown to be difficult to work with and often lead to unintentional leaks when the callback was expected to free up certain resources.
* net.http: Re-expose destroy_request() functionMatthew Wild2020-08-081-0/+1
| | | | | This was accidentally turned private in 647adfd8f738 as part of refactoring for Lua 5.2+.
* net.resolvers.basic: Default conn_type to 'tcp' consistently if unspecified ↵Matthew Wild2020-07-101-1/+2
| | | | | | (thanks marc0s) Fixes a traceback when passed an IP address with no conn_type.
* net.http: Fix traceback on invalid URL passed to request()Matthew Wild2020-07-071-2/+3
|
* net.http.server: Fix reporting of missing Host headerKim Alvefur2020-06-231-1/+2
| | | | | The "Missing or invalid 'Host' header" case was dead code previously because `host` was always at least an empty string.
* net.http.server: Strip port from Host header in IPv6 friendly way (fix #1302)Kim Alvefur2020-06-231-1/+1
| | | | | E.g. given `[::1]:5280` it would previously result in only `[` instead of the correct `[::1]`
* util.startup: Remove duplicated initialization of logging (fix #1527)Kim Alvefur2020-06-221-1/+0
|
* mod_muc_mam: Don't strip MUC <x> tags, fix #1567Kim Alvefur2020-06-211-3/+0
|
* mod_auth_internal_*: Apply saslprep to passwordsKim Alvefur2020-05-233-2/+25
| | | | Related to #1560
* util.sasl.plain: Apply saslprep to stored passwordKim Alvefur2020-05-221-1/+1
| | | | | | Fixes something like #1560 here too. The password sent by the user already had saslprep applied.
* util.sasl.scram: Apply saslprep before hashing password, fixes #1560Kim Alvefur2020-05-221-0/+4
|
* mod_storage_internal: Fix error in time limited queries on items without ↵Kim Alvefur2020-05-151-2/+4
| | | | 'when' field, fixes #1557
* mod_muc_mam: Remove spoofed archive IDs before archiving, fix #1552Kim Alvefur2020-05-111-1/+1
| | | | | | | | | The stanza-id added during archiving looks exactly like what should be stripped, so the stripping must happen before archiving. Getting priorities right is hard! Also no test coverage yet.
* mod_csi_simple: Consider XEP-0353: Jingle Message Initiation importantKim Alvefur2020-05-081-0/+3
| | | | | | Improves experience with VoIP calls initiated via JMI Closes #1548
* mod_muc_mam: Fix missing advertising of XEP-0359, fixes #1547Kim Alvefur2020-05-081-0/+1
|
* mod_muc_mam: Fix stanza id filter event name, fixes #1546Kim Alvefur2020-04-291-1/+1
| | | | Nice typo
* mod_tls: Log when certificates are (re)loadedKim Alvefur2020-04-261-1/+7
| | | | Meant to reduce user confusion over what's reloaded and not.
* mod_carbons: Fix handling of incoming MUC PMs #1540Kim Alvefur2020-04-261-1/+1
| | | | | | | 27f5db07bec9 fixed this wrong. The code is supposed to check if the stanza is NOT sent to your bare JID. A MUC PM is always sent to your full JID. Hopefully nobody sends MUC invites to full JIDs, because those would be skipped by this as well.
* mod_http_files: Avoid using inode in etag, fix #1498Kim Alvefur2020-04-251-1/+1
|
* MUC tests: Add missing affiliation attributeMatthew Wild2020-04-231-1/+1
|
* Backed out changeset 18f2c7bc5795 (was testing against wrong branch)Matthew Wild2020-04-231-6/+2
|
* MUC tests: Add <required/> to expected form fieldMatthew Wild2020-04-231-2/+6
|
* MUC: Always include 'affiliation'/'role' attributes, defaulting to 'none' if nilMatthew Wild2020-04-231-1/+1
|
* core.certmanager: Move EECDH ciphers before EDH in default cipherstring ↵Kim Alvefur2019-08-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | (fixes #1513) Backport of 94e341dee51c The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params. MattJ says > Curves have won, and OpenSSL is less weird about them now