Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | mod_saslauth: Advertise correct set of mechanisms | Kim Alvefur | 2019-12-02 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | Mistakenly iterates over the set of all supported mechanisms instead of the one without insecure mechanisms if the connection is insecure. Not a problem if c2s_require_encryption is true Introduced in 56a0f68b7797 | |||||
* | | util.*.c: Add static qualifiers everywhere | Emmanuel Gil Peyrot | 2019-12-01 | 6 | -52/+47 | |
| | | ||||||
* | | util.encodings: Remove redundant cast | Emmanuel Gil Peyrot | 2019-12-01 | 1 | -1/+1 | |
| | | ||||||
* | | util.encodings: Don?t export unneeded symbols | Emmanuel Gil Peyrot | 2019-12-01 | 1 | -8/+8 | |
| | | | | | | | | This reduces the binary size from 22704?B to 18592?B. | |||||
* | | mod_s2s: Refactor stream error handling on close | Kim Alvefur | 2019-12-01 | 1 | -19/+14 | |
| | | | | | | | | | | | | Deduplicates the 3 log calls that log the same thing but subtly differently. The first one would say "Disconnecting localhost" and the last one didn't log the IP. | |||||
* | | mod_s2s: Use stanza type check instead of duck typing | Kim Alvefur | 2019-12-01 | 1 | -1/+1 | |
| | | ||||||
* | | mod_net_multiplex: Remove debug message | Kim Alvefur | 2019-12-01 | 1 | -1/+0 | |
| | | | | | | | | | | This was something I added during development and set to info level for visibility. | |||||
* | | net.server_select: Remove prefix added to TLS handshaker errors | Kim Alvefur | 2019-12-01 | 1 | -1/+1 | |
| | | | | | | | | For consistency. None of the other implementations do this. | |||||
* | | mod_s2s: Improve TLS handshake error messages | Kim Alvefur | 2019-12-01 | 1 | -0/+4 | |
| | | | | | | | | | | | | This should make it clearer that it's about the TLS handshake. Otherwise it's something like "unsupported protocol" or "no shared ciphers" that might not be that obvious. | |||||
* | | mod_s2s: Log from session logger | Kim Alvefur | 2019-11-30 | 1 | -1/+1 | |
| | | | | | | | | Helps locating all messages related to a specific session | |||||
* | | mod_s2s: Improve log message about forbidding insecure connections | Kim Alvefur | 2019-11-30 | 1 | -1/+1 | |
| | | | | | | | | This new wording generator is nice. | |||||
* | | mod_admin_telnet: Sort hosts | Kim Alvefur | 2019-11-30 | 1 | -1/+5 | |
| | | | | | | | | | | | | Groups by domain in DNS hierarchy order or something. Why not split on '.' you ask? Well becasue that's not what I typed here. Also "[^.]" is longer than "%P". | |||||
* | | mod_carbons: Improve performance by delaying creation of carbon payload | Kim Alvefur | 2019-11-30 | 1 | -11/+15 | |
| | | | | | | | | | | | | If there are no other sessions which also enabled carbons then the carbons wrapper is not used and the potentially expensive clone operation was a waste of cycles. | |||||
* | | core.portmanager: Complete error message for SNI TLS context problems | Kim Alvefur | 2019-11-30 | 1 | -1/+1 | |
| | | ||||||
* | | tests: Disable s2s in scansion tests | Kim Alvefur | 2019-11-30 | 1 | -1/+4 | |
| | | | | | | | | These are all c2s tests, no need to have s2s enabled. | |||||
* | | mod_net_multiplex: Tweak debug logging for ALPN case | Kim Alvefur | 2019-11-29 | 1 | -2/+1 | |
| | | ||||||
* | | mod_net_multiplex: Add support for using ALPN | Kim Alvefur | 2019-11-29 | 6 | -3/+42 | |
| | | | | | | | | | | | | | | Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose. | |||||
* | | net.http: Set ALPN on requests | Kim Alvefur | 2019-11-29 | 1 | -1/+1 | |
| | | | | | | | | | | | | Shouldn't hurt. Revert if it turns out it does. Supported in LuaSec 0.8. Should be ignored otherwise. | |||||
* | | core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI ↵ | Kim Alvefur | 2019-11-29 | 2 | -10/+6 | |
| | | | | | | | | support) | |||||
* | | core.portmanager: Don't set the first TLS context with a cert as main context | Kim Alvefur | 2019-11-29 | 1 | -4/+0 | |
| | | | | | | | | Don't think this works and it's apparently acceptable to require SNI these days. | |||||
* | | mod_admin_telnet: Display ALPN in show_tls() if supported and available | Kim Alvefur | 2019-11-21 | 1 | -0/+6 | |
| | | ||||||
* | | mod_http: Log served URLs at 'info' level | Kim Alvefur | 2019-11-29 | 1 | -1/+1 | |
| | | | | | | | | | | | | These are similar to the "activated service" messages from portmanager and similarily useful for the service admin to know even if they're not debugging anything. | |||||
* | | mod_s2s: Prevent unhandled stanza handler from complaining about stream ↵ | Kim Alvefur | 2019-11-29 | 1 | -2/+2 | |
| | | | | | | | | | | | | features on aborted connections I have no idea why I wrote return false in e5945fb5b71f | |||||
* | | mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set | Kim Alvefur | 2019-11-28 | 1 | -3/+5 | |
| | | | | | | | | Prevents some weirdness in cases where no authentication is done | |||||
* | | mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied | Kim Alvefur | 2019-11-28 | 1 | -0/+7 | |
| | | | | | | | | | | This ensures the closure reason is accurate and not reported as an authentication or other problem | |||||
* | | mod_s2s: Send stream errors for cert problems on outgoing connections | Kim Alvefur | 2019-11-28 | 1 | -6/+7 | |
| | | | | | | | | Rationale in comment. | |||||
* | | mod_s2s: Improve error in bounces due to cert validation problems | Kim Alvefur | 2019-11-27 | 1 | -3/+24 | |
| | | ||||||
* | | mod_s2s_auth_certs: Save chain validation errors for later use | Kim Alvefur | 2019-11-27 | 1 | -0/+1 | |
| | | ||||||
* | | net.websocket: Fix traceback in case of ondisconnect being called twice | Matthew Wild | 2019-11-26 | 1 | -0/+1 | |
| | | | | | | | | | | We want to figure out what situations the double ondisconnect happens in, and aim to fix the root cause in the future. | |||||
* | | net.connect: Add some TODO comments | Kim Alvefur | 2019-11-26 | 1 | -0/+4 | |
| | | ||||||
* | | MUC: Add missing reference to room (thanks buildbot) [luacheck] | Kim Alvefur | 2019-11-26 | 1 | -0/+1 | |
| | | ||||||
* | | MUC: Indicate the component as origin of various errors where there's no room | Kim Alvefur | 2019-11-26 | 2 | -7/+7 | |
| | | | | | | | | A room that doesn't exist can't return an error, can it? | |||||
* | | MUC: Indicate that the room is the origin of various errors where 'from' is ↵ | Kim Alvefur | 2019-11-25 | 3 | -16/+19 | |
| | | | | | | | | an occupant JID | |||||
* | | MUC: Indicate origin of registration related errors | Kim Alvefur | 2019-11-25 | 2 | -5/+5 | |
| | | ||||||
* | | MUC: Indicate origin of password related errors | Kim Alvefur | 2019-11-25 | 2 | -2/+2 | |
| | | ||||||
* | | util.stanza: Support the 'by' attribute on errors | Kim Alvefur | 2019-11-25 | 2 | -3/+7 | |
| | | | | | | | | | | This is to be used when the entity generating the error is not the same as the one the stanza was directed to, e.g. an intermediate server. | |||||
* | | util.stanza: Check that argument to error_reply is NOT a stanza of type error | Kim Alvefur | 2019-11-25 | 2 | -0/+12 | |
| | | | | | | | | Replying to an error is Very Bad | |||||
* | | util.stanza: Check that argument to error_reply is a stanza | Kim Alvefur | 2019-11-25 | 2 | -0/+9 | |
| | | ||||||
* | | util.stanza: Remove redundant check for attrs | Kim Alvefur | 2019-11-25 | 2 | -1/+8 | |
| | | | | | | | | A stanza can't not have attrs if created the correct way | |||||
* | | util.stanza: Check that argument to reply is a stanza | Kim Alvefur | 2019-11-25 | 2 | -0/+9 | |
| | | ||||||
* | | Merge 0.11->trunk | Kim Alvefur | 2019-11-24 | 1 | -0/+2 | |
|\| | ||||||
| * | net.resolvers.basic: Normalise IP literals, ensures net.server is happy | Kim Alvefur | 2019-11-24 | 1 | -0/+2 | |
| | | ||||||
* | | net.resolvers.service: Pass IP literals directly to basic resolver | Kim Alvefur | 2019-11-24 | 1 | -0/+9 | |
| | | | | | | | | | | | | IP literals will not work with SRV records anyways. Fixes s2s with IP literals. | |||||
* | | Merge 0.11->trunk | Kim Alvefur | 2019-11-24 | 1 | -11/+17 | |
|\| | ||||||
| * | net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) (fixes #1459) | Kim Alvefur | 2019-11-24 | 1 | -0/+3 | |
| | | ||||||
| * | net.resolvers.basic: Move IP literal check to constructor | Kim Alvefur | 2019-11-24 | 1 | -11/+14 | |
| | | | | | | | | | | This is to prepare for fixing #1459. An IPv6 literal in [ ] brackets does not pass IDNA and resolving it fails there. | |||||
* | | MUC: Add testcase for #1466 | Kim Alvefur | 2019-11-24 | 1 | -0/+127 | |
| | | ||||||
* | | Merge 0.11->trunk | Kim Alvefur | 2019-11-23 | 156 | -2095/+6212 | |
|\ \ | |/ |/| | ||||||
| * | mod_http_errors: Show a friendly page instead of 404 on top level | Kim Alvefur | 2019-11-17 | 1 | -0/+12 | |
| | | ||||||
| * | mod_csi: Cache CSI module availability to improve readabilty | Kim Alvefur | 2019-11-23 | 1 | -1/+4 | |
| | |