| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| | |
convenience
This is the same as the input table (which is mutated during processing), but
if that table was created on the fly, such as by packing `...` it's convenient
if it also gets returned from the parse function.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This change ensures we have positively verified the certificates of the server
we are connecting to before marking the session as authenticated. It protects
against situations where the verify-or-close stage of the connection was
interrupted (e.g. due to an uncaught error).
Thanks to Zash for discovery and testing.
|
| | |
| |
| |
| |
| |
| | |
Otherwise it would just report "is not trusted" unless you inspect the
logs. This message is sent to to the remote server, and will hopefully
show up in their logs, allowing the admin to fix their DANE setup.
|
| | |
| |
| |
| |
| | |
Should be invoked for cases such as when the Let's Encrypt intermediate
certificate expired not too long ago.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Using a timer was a hack to get around that stream features are not
available at the right time and sendq stanzas were stored as strings
so could not be counted properly. The later has now been fixed and the
former is fixed by recording the relevant stream feature on the session
so that the correct version of XEP-0198 can be activated once the
connection has been authenticated and is ready to start.
|
| | |
| |
| |
| | |
Same as previous commit
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Equivalent to 'local' in Lua, these functions are exported via the
luaopen_ function, which is the only one needing to be visible outside
of the file.
Pointed out by Link Mauve at some point, but there wasn't really any
rush here.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Connection attempts that failed the Happy Eyeballs race were not
unreferenced and would accumulate.
Tested by inspecting the 'pending_connections_map' after establishing
s2s with a s2s target where the IPv6 port has a -j DROP rule causing it
to time out and the IPv4 attempt wins the race.
Expected is that the losing connection stays around until net.server
timeouts kick in where it should be removed. The map table should tend
towards being empty during idle times.
|
| |\| |
|
| | |
| |
| |
| | |
(thanks eTaurus)
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is the "right" thing to do. Strings were more memory-efficient, but
e.g. bypassed stanza filters at reconnection time. Also not being stanzas
prevents us from potential future work, such as merging sendq with mod_smacks.
Regarding performance: we should counter the probable negative effect of this
change with other positive changes that are desired anyway - e.g. a limit on
the size of the sendq, improved in-memory representation of stanzas, s2s
backoff (e.g. if a remote server is persistently unreachable, cache this
failure for a while and don't just keep forever queuing stanzas for it).
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
Turns out this table was wrong, it's missing some fields which are
required and it's 'name', not 'node'. Setting it to the boolean true
invokes compatibility behavior in mod_pep which results in the correct
default structure.
|
| |\| |
|
| | |
| |
| |
| |
| | |
Looks like this function was a copy of hex_to_base64 without modifying
it to do its inverse.
|
| | |
| |
| |
| |
| |
| | |
pubsub#admin data
Allows migrating PEP nodes with default settings
|
| | |
| |
| |
| | |
What were we looking at?
|
| |\| |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| |
| | |
Needed since it checks the manifest of the repository and most likely
defaults to luarocks.org unless specified
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
(fix #1736)
This flag is something of a shortcut for `module.host == "*"` and should
always be equal to that. Its absence on the proxy object made the
property of the global module instance visible, causing problems such as
with URL reporting in mod_http
|
| |\| |
|
| | |
| |
| |
| | |
VirtualHost (fixes #1735, thanks arawaks)
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
util.crand can be configured at compile time to use the Linux
getrandom() system call, available from Linux 3.17, but it is still
possible to load it with an older kernel lacking that system call, where
attempting to use it throws an ENOSYS error.
By testing for this on load we can fall back to /dev/urandom in this
case.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The same-origin policy enforced by browsers is a security measure that should
only be turned off when it is safe to do so. It is safe to do so in Prosody's
default modules, but people may load third-party modules that are unsafe.
Therefore we have flipped the default, so that modules must explicitly opt in
to having CORS headers added on their requests.
|
| | |
| |
| |
| |
| | |
This is far better than pre-0.12, because we now have a universal way to
configure and enable/disable CORS on a per-module basis.
|
| |\| |
|
| | |
| |
| |
| | |
#1729)
|
| | | |
|
| |\| |
|
| | | |
|
| | |
| |
| |
| | |
option (fixes #1727)
|
| |\| |
|
| | |
| |
| |
| | |
Good to know since it affects how well the shell works
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is allowed by XEP-0045, which states:
"A moderator SHOULD NOT be allowed to revoke moderation privileges from
someone with a higher affiliation than themselves (i.e., an unaffiliated
moderator SHOULD NOT be allowed to revoke moderation privileges from an admin
or an owner, and an admin SHOULD NOT be allowed to revoke moderation
privileges from an owner)."
|
| |\| |
|
| | |
| |
| |
| |
| | |
This message was misplaced in c4599a7c534c when the @type and @host
check was introduced.
|
| | |
| |
| |
| | |
Since commands[node] was already stored in a local a few lines up
|
| | |
| |
| |
| |
| | |
This allows easier access to these, which could be useful for all sorts
of reasons
|
| |\| |
|
| | | |
|
| | | |
|
