| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
RFC 6331 lists several problems with this outdated authentication
mechanism. The code here was also completely ignored by lint checks and
has probably not been used for a long time, as it is incompatible with
SCRAM-hashed password storage.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(fixes #1513)
Backport of 94e341dee51c
The original intent of having kEDH before kEECDH was that if a `dhparam`
file was specified, this would be interpreted as a preference by the
admin for old and well-tested Diffie-Hellman key agreement over newer
elliptic curve ones. Otherwise the faster elliptic curve ciphersuites
would be preferred. This didn't really work as intended since this
affects the ClientHello on outgoing s2s connections, leading to some
servers using poorly configured kEDH.
With Debian shipping OpenSSL settings that enforce a higher security
level, this caused interoperability problems with servers that use DH
params smaller than 2048 bits. E.g. jabber.org at the time of this
writing has 1024 bit DH params.
MattJ says
> Curves have won, and OpenSSL is less weird about them now
|
| | |
| |
| |
| | |
Backport of 88be11e9f9b9
|
| | |
| |
| |
| | |
Oversight in 955e54e451dc when this was added.
|
| | |
| |
| |
| | |
Improves readability, easier to see structure.
|
| | |
| |
| |
| |
| | |
Adds indentation and line breaks to stanzas, to make stanzas easier to
read for humans.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
It is somewhat ambiguous where an error really comes from in the case of
an external component.
Setting by to the bare host at least distinguishes it from JIDs with a
node- or resourcepart.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
presence
|
| | |
| |
| |
| | |
occupant presence
|
| | | |
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
This makes
`prosodyctl cert import example.com /path/to/example.com/fullchain.pem`
work. This was never intended to, yet users commonly tried this and got
problems.
|
| |\| |
|
| | |
| |
| |
| | |
On error, the second return value is the error condition, not the third.
|
| | | |
|
| | |
| |
| |
| |
| | |
Unclear exactly why, but replies to some queries to local modules would
be discarded by stanza_router. This appears to fix it.
|
| |\| |
|
| | |
| |
| |
| | |
Backport of f90abf142d53 from trunk
|
| | |
| |
| |
| |
| |
| |
| | |
Supported in ICU, with a binding in util.encodings. mod_mimicking uses
this to prevent similarity looking JIDs from being registered.
Planned to be used in MUC as well.
|
| |\| |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The LuaSec :info() method gathers info using the OpenSSL function
SSL_get_current_cipher(). Documentation for this function states that it
may return NULL if no session has been established (yet). If so, the
LuaSec functions wrapping this return nil, triggering a nil-indexing
error in mod_admin_telnet.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This gives service admins a way to set an arbitrary affiliation in any
room. Enables various administrative use cases such as room ownership
reassignment or recovery.
Reduces the need for the admins-as-owners feature, as this can be used
by admins to make themselves owner in any room when needed, instead of
being owners all the time.
|
| | |
| |
| |
| |
| | |
Testing ad-hoc commands was not easily doable before 49312378ba1d
relaxed the need for state and an extra roundtrip to execute commands
|
| | |
| |
| |
| | |
See 76bb806cdd4b
|
| | |
| |
| |
| | |
(fixes #1508)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
RFC 6121 §3.4 says:
> If a server supports subscription pre-approvals, then it MUST
> advertise the following stream feature during stream negotiation.
The feature itself (#686) was added in f0e9e5bda415
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Based on the currently-deferred XEP-0317. The protocol differs
a little (because XEP-0317 is incomplete), therefore currently
we use a custom namespace.
The plan is to update and finish XEP-0317.
|
| | |
| |
| |
| | |
At some point the web chat moved to /chat and then to this subdomain
|
| |\| |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changing the default setting of `new_muc_storage_format` from false to true.
The code supports reading both formats since 0.11, but servers with MUCs stored
using the new format will not be able to downgrade to 0.10 or earlier.
The new format is clearer (less nesting for the most commonly-accessed data),
and combined with the new map-store methods, allows for some operations to become
more efficient (such as finding out which MUCs on a service a given user is affiliated
with).
|
| | |
| |
| |
| | |
Activated when muc#roomconfig_presencebroadcast includes the "none" role.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Detailed explanation in de607875d4bd. A presence with role="none"
(which is always type="unavailable") should only be broadcast if
available presence was previously broadcast for that occupant.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently there is what amounts to a hack in presence_broadcast.lib.lua to
make it always broadcast presence with roles of "none". This is to ensure
that if you previously saw available presence for someone, you will also
see the unavailable presence (which always has role="none").
The correct approach is to take into account what the previous role was (
i.e. answer the question: "Was the available presence for this occupant
a role for which presence broadcast is enabled?).
The logic is already in place to do this correctly, but most call sites
do not provide the previous role (prev_role argument) of the occupant,
which causes it to not be used. In its place the hack to always broadcast
presence of role="none" has allowed things to continue to work.
The intention is that a subsequent commit will remove the unconditional
broadcast of role="none".
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(fixes #1504)
This lets Prosody handle socket related work between each step in the
cleanup in order to prevent the server from being completely blocked
during this.
An async storage backend would not need this but those are currently
rare.
|
| | |
| |
| |
| |
| |
| | |
Some lines seem to have gotten the wrong indentation, possibly caused by
Meld which often ignores lines with only whitespace changes and leaves
their previous indentation.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
