Commit message | Author | Age | Files | Lines
...
Merge 0.11->trunk | Kim Alvefur | 2019-09-21 | 2 | -15/+25
doap: Remove stray '(' | Kim Alvefur | 2019-09-19 | 1 | -1/+1
doap: Add details about most recent XEPs numbered over 300 | Kim Alvefur | 2019-09-19 | 1 | -1/+11
doap: Add details to XEPs numbered under 100 | Kim Alvefur | 2019-09-19 | 1 | -0/+24
doap: Fix namespace of <until> | Kim Alvefur | 2019-09-19 | 1 | -3/+3
doap: Update to newer format | Kim Alvefur | 2019-09-19 | 1 | -379/+375
util.encodings: Spell out all IDNA 2008 options ICU has | Kim Alvefur | 2019-09-11 | 1 | -1/+24
util.encodings: Switch ICU binding to IDNA2008 (fixes #533, #1301) | Kim Alvefur | 2019-09-11 | 1 | -4/+9
Prepare required data folder for integration tests | Maxime “pep” Buquet | 2019-09-12 | 1 | -0/+1
util.x509: Return sets of services per identity | Kim Alvefur | 2019-09-10 | 1 | -7/+34
mod_http: Add support for configuring CORS Access-Control-Allow-Credentials | Matthew Wild | 2019-09-11 | 1 | -2/+6
util.x509: Only collect commonNames that pass idna | Kim Alvefur | 2019-09-10 | 1 | -1/+1
    Weeds out "Example Certificate" and the like, which are uninteresting for this function.
util.x509: Nameprep commonName once | Kim Alvefur | 2019-09-10 | 1 | -2/+5
doap: Add XEP-0288 | Kim Alvefur | 2019-09-09 | 1 | -0/+6
doap: Add a Description Of A Project file | Kim Alvefur | 2019-08-27 | 1 | -0/+427
mod_admin_telnet: Identify native bidi sessions | Kim Alvefur | 2019-09-08 | 1 | -1/+3
CHANGES: Add XEP-0288 | Kim Alvefur | 2019-09-08 | 1 | -0/+1
mod_s2s_bidi: Enables bi-directional streams via XEP-0288 | Kim Alvefur | 2019-09-08 | 2 | -1/+39
mod_s2s: Remove warning about hostname mismatch | Kim Alvefur | 2019-09-07 | 1 | -5/+0
    It triggers on bidi-related routing where this to/from is flipped. Removing since I don't think we have ever seen this potential bug.
mod_s2s: Insert s2sin into outgoing routing table when bidirectional | Kim Alvefur | 2019-09-07 | 1 | -0/+4
mod_s2s: Add function to send replies on s2sout connections that support incoming traffic | Kim Alvefur | 2019-09-07 | 1 | -0/+7
mod_s2s: Handle authentication of s2sin and s2sout the same way | Kim Alvefur | 2019-09-07 | 1 | -7/+5
core.stanza_router: Handle s2s in more direction-agnostic way | Kim Alvefur | 2019-09-07 | 1 | -2/+2
core.s2smanager: Add map of names authenticate for remote on s2sout for parity with s2sin | Kim Alvefur | 2019-09-07 | 1 | -0/+1
    Making s2sin and -out look more alike in preparation for bidi support
core.s2smanager: Add [direction] boolean flags to s2s connections | Kim Alvefur | 2019-09-07 | 1 | -0/+2
    This will allow representing connections that go both directions
mod_offline: Add some debug logging to reduce confusion | Kim Alvefur | 2019-09-08 | 1 | -1/+5
    Where did these messages come from???
util.bitops: Library to find appropriate bitwise library (closes #1395) | Kim Alvefur | 2019-07-22 | 3 | -2/+40
mod_s2s: Remove obsolete cleanup code | Kim Alvefur | 2019-09-07 | 1 | -7/+0
    These were added by s2sout.lib
mod_admin_telnet: Identify bidi-capable s2sout sessions (fixes #1403) | Kim Alvefur | 2019-09-07 | 1 | -1/+1
tests: Disable TLS in scansion tests | Kim Alvefur | 2019-09-07 | 1 | -1/+1
    They were not using TLS before. With a36af4570b39 TLS context creation will succeed even without a certificate, so TLS will be offered, but since there is no certificate it does not work.
core.certmanager: Lower severity for tls config not having cert | Kim Alvefur | 2019-09-07 | 1 | -2/+4
    This is needed for SNI where certificates are in separate per-hostname contexts, not the main one. If there is a cert, it will still require a corresponding key.
net.http: Pass server name along for SNI (fixes #1408) | Kim Alvefur | 2019-09-01 | 1 | -1/+1
    net.resolver.basic passes this 'extra' field along to server.addclient
net.server: Handle server name (SNI) as extra argument | Kim Alvefur | 2019-09-01 | 3 | -0/+10
    Code added in 75d2874502c3, 9a905888b96c and adc0672b700e uses this field. See #409 and #1408
net.server: Accept and save an 'extra' field for client connections | Kim Alvefur | 2019-09-01 | 3 | -15/+19
    This lets code attach some extra data to be attached to client connections.
Merge 0.11->trunk | Kim Alvefur | 2019-08-31 | 1 | -2/+2
MUC: Fix delay tag @from in test to be the room JID (#1054 came back) | Kim Alvefur | 2019-08-31 | 1 | -2/+2
MUC: Add a test covering basic room creation, messages and destruction | Kim Alvefur | 2019-08-31 | 1 | -0/+242
net.server_epoll: Add support for opportunistic writes | Kim Alvefur | 2019-08-28 | 1 | -0/+8
    This tries to flush data to the underlying sockets when receiving writes. This should lead to fewer timer objects being around. On the other hand, this leads to more and smaller writes which may translate to more TCP/IP packets being sent, depending on how the kernel handles this. This trades throughput for lower latency.
core.certmanager: Remove unused import [luacheck] | Kim Alvefur | 2019-08-25 | 1 | -1/+0
Remove COMPAT with temporary luasec fork | Kim Alvefur | 2019-08-25 | 4 | -14/+0
    The changes in the temporary fork were merged into mainline luasec ca 2013 and included in the 0.5 release in 2014.
MUC: Simplify nickname refresh loop | Kim Alvefur | 2019-08-25 | 1 | -2/+1
    Affiliation data is passed as a loop variable so no need to retrieve it
core.certmanager: Move EECDH ciphers before EDH in default cipherstring | Kim Alvefur | 2019-08-25 | 1 | -1/+1
    The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH.
    With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params.
    MattJ says
    > Curves have won, and OpenSSL is less weird about them now
mod_storage_internal: Include last text message | Kim Alvefur | 2019-08-23 | 1 | -1/+4
    A protocol built on this API now allows showing a list of unread conversations with a counter, ordered by either oldest or newest message, along with the text body itself.
mod_storage_*: Also include timestamp of first message in :summary API | Kim Alvefur | 2019-08-23 | 3 | -3/+15
    For completeness along with most recent timestamp. Might be nice to be able to order by oldest unread message.
mod_storage_*: Include timestamp of latest message in :summary API | Kim Alvefur | 2019-08-23 | 3 | -3/+12
    Clients may want to show a list of conversations ordered by timestamp of most recent message. The counts allow a badge with unread message counter.
mod_storage_*: Tweak :summary API to allow future expansion with more fields | Kim Alvefur | 2019-08-23 | 3 | -9/+15
    Eg might want to include last message, timestamp, chat state or other info.
mod_auth_internal_hashed: Precompute SCRAM authentication profile name (thanks MattJ) | Kim Alvefur | 2019-08-22 | 1 | -1/+2
mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1 | Kim Alvefur | 2019-01-13 | 2 | -6/+8
    This will currently require a hard reset of all passwords back to plain. This will be least painful on new deployments.
util.sasl.scram: Add support for SCRAM-SHA-256 | Kim Alvefur | 2019-01-13 | 1 | -0/+1
util.sasl.scram: Factor out SHA-1 specific getAuthenticationDatabaseSHA1 | Kim Alvefur | 2019-01-13 | 1 | -20/+25
    This makes the code more generic, allowing SHA-1 to be replaced