Commit message    Author    Age    Files    Lines
...
* | mod_saslauth: Advertise correct set of mechanisms    Kim Alvefur    2019-12-02    1    -1/+1
| |     Mistakenly iterates over the set of all supported mechanisms instead of the one without insecure mechanisms if the connection is insecure. Not a problem if c2s_require_encryption is true. Introduced in 56a0f68b7797
* | util.*.c: Add static qualifiers everywhere    Emmanuel Gil Peyrot    2019-12-01    6    -52/+47
| |
* | util.encodings: Remove redundant cast    Emmanuel Gil Peyrot    2019-12-01    1    -1/+1
| |
* | util.encodings: Don't export unneeded symbols    Emmanuel Gil Peyrot    2019-12-01    1    -8/+8
| |     This reduces the binary size from 22704 B to 18592 B.
* | mod_s2s: Refactor stream error handling on close    Kim Alvefur    2019-12-01    1    -19/+14
| |     Deduplicates the 3 log calls that log the same thing but subtly differently. The first one would say "Disconnecting localhost" and the last one didn't log the IP.
* | mod_s2s: Use stanza type check instead of duck typing    Kim Alvefur    2019-12-01    1    -1/+1
| |
* | mod_net_multiplex: Remove debug message    Kim Alvefur    2019-12-01    1    -1/+0
| |     This was something I added during development and set to info level for visibility.
* | net.server_select: Remove prefix added to TLS handshaker errors    Kim Alvefur    2019-12-01    1    -1/+1
| |     For consistency. None of the other implementations do this.
* | mod_s2s: Improve TLS handshake error messages    Kim Alvefur    2019-12-01    1    -0/+4
| |     This should make it clearer that it's about the TLS handshake. Otherwise it's something like "unsupported protocol" or "no shared ciphers" that might not be that obvious.
* | mod_s2s: Log from session logger    Kim Alvefur    2019-11-30    1    -1/+1
| |     Helps locating all messages related to a specific session
* | mod_s2s: Improve log message about forbidding insecure connections    Kim Alvefur    2019-11-30    1    -1/+1
| |     This new wording generator is nice.
* | mod_admin_telnet: Sort hosts    Kim Alvefur    2019-11-30    1    -1/+5
| |     Groups by domain in DNS hierarchy order or something. Why not split on '.' you ask? Well because that's not what I typed here. Also "[^.]" is longer than "%P".
* | mod_carbons: Improve performance by delaying creation of carbon payload    Kim Alvefur    2019-11-30    1    -11/+15
| |     If there are no other sessions which also enabled carbons then the carbons wrapper is not used and the potentially expensive clone operation was a waste of cycles.
* | core.portmanager: Complete error message for SNI TLS context problems    Kim Alvefur    2019-11-30    1    -1/+1
| |
* | tests: Disable s2s in scansion tests    Kim Alvefur    2019-11-30    1    -1/+4
| |     These are all c2s tests, no need to have s2s enabled.
* | mod_net_multiplex: Tweak debug logging for ALPN case    Kim Alvefur    2019-11-29    1    -2/+1
| |
* | mod_net_multiplex: Add support for using ALPN    Kim Alvefur    2019-11-29    6    -3/+42
| |     Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose.
* | net.http: Set ALPN on requests    Kim Alvefur    2019-11-29    1    -1/+1
| |     Shouldn't hurt. Revert if it turns out it does. Supported in LuaSec 0.8. Should be ignored otherwise.
* | core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support)    Kim Alvefur    2019-11-29    2    -10/+6
| |
* | core.portmanager: Don't set the first TLS context with a cert as main context    Kim Alvefur    2019-11-29    1    -4/+0
| |     Don't think this works and it's apparently acceptable to require SNI these days.
* | mod_admin_telnet: Display ALPN in show_tls() if supported and available    Kim Alvefur    2019-11-21    1    -0/+6
| |
* | mod_http: Log served URLs at 'info' level    Kim Alvefur    2019-11-29    1    -1/+1
| |     These are similar to the "activated service" messages from portmanager and similarly useful for the service admin to know even if they're not debugging anything.
* | mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections    Kim Alvefur    2019-11-29    1    -2/+2
| |     I have no idea why I wrote return false in e5945fb5b71f
* | mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set    Kim Alvefur    2019-11-28    1    -3/+5
| |     Prevents some weirdness in cases where no authentication is done
* | mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied    Kim Alvefur    2019-11-28    1    -0/+7
| |     This ensures the closure reason is accurate and not reported as an authentication or other problem
* | mod_s2s: Send stream errors for cert problems on outgoing connections    Kim Alvefur    2019-11-28    1    -6/+7
| |     Rationale in comment.
* | mod_s2s: Improve error in bounces due to cert validation problems    Kim Alvefur    2019-11-27    1    -3/+24
| |
* | mod_s2s_auth_certs: Save chain validation errors for later use    Kim Alvefur    2019-11-27    1    -0/+1
| |
* | net.websocket: Fix traceback in case of ondisconnect being called twice    Matthew Wild    2019-11-26    1    -0/+1
| |     We want to figure out what situations the double ondisconnect happens in, and aim to fix the root cause in the future.
* | net.connect: Add some TODO comments    Kim Alvefur    2019-11-26    1    -0/+4
| |
* | MUC: Add missing reference to room (thanks buildbot) [luacheck]    Kim Alvefur    2019-11-26    1    -0/+1
| |
* | MUC: Indicate the component as origin of various errors where there's no room    Kim Alvefur    2019-11-26    2    -7/+7
| |     A room that doesn't exist can't return an error, can it?
* | MUC: Indicate that the room is the origin of various errors where 'from' is an occupant JID    Kim Alvefur    2019-11-25    3    -16/+19
| |
* | MUC: Indicate origin of registration related errors    Kim Alvefur    2019-11-25    2    -5/+5
| |
* | MUC: Indicate origin of password related errors    Kim Alvefur    2019-11-25    2    -2/+2
| |
* | util.stanza: Support the 'by' attribute on errors    Kim Alvefur    2019-11-25    2    -3/+7
| |     This is to be used when the entity generating the error is not the same as the one the stanza was directed to, e.g. an intermediate server.
* | util.stanza: Check that argument to error_reply is NOT a stanza of type error    Kim Alvefur    2019-11-25    2    -0/+12
| |     Replying to an error is Very Bad
* | util.stanza: Check that argument to error_reply is a stanza    Kim Alvefur    2019-11-25    2    -0/+9
| |
* | util.stanza: Remove redundant check for attrs    Kim Alvefur    2019-11-25    2    -1/+8
| |     A stanza can't not have attrs if created the correct way
* | util.stanza: Check that argument to reply is a stanza    Kim Alvefur    2019-11-25    2    -0/+9
| |
* | Merge 0.11->trunk    Kim Alvefur    2019-11-24    1    -0/+2
|\|
| * net.resolvers.basic: Normalise IP literals, ensures net.server is happy    Kim Alvefur    2019-11-24    1    -0/+2
| |
* | net.resolvers.service: Pass IP literals directly to basic resolver    Kim Alvefur    2019-11-24    1    -0/+9
| |     IP literals will not work with SRV records anyways. Fixes s2s with IP literals.
* | Merge 0.11->trunk    Kim Alvefur    2019-11-24    1    -11/+17
|\|
| * net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) (fixes #1459)    Kim Alvefur    2019-11-24    1    -0/+3
| |
| * net.resolvers.basic: Move IP literal check to constructor    Kim Alvefur    2019-11-24    1    -11/+14
| |     This is to prepare for fixing #1459. An IPv6 literal in [ ] brackets does not pass IDNA and resolving it fails there.
* | MUC: Add testcase for #1466    Kim Alvefur    2019-11-24    1    -0/+127
| |
* | Merge 0.11->trunk    Kim Alvefur    2019-11-23    156    -2095/+6212
|\ \
| |/
|/|
| * mod_http_errors: Show a friendly page instead of 404 on top level    Kim Alvefur    2019-11-17    1    -0/+12
| |
| * mod_csi: Cache CSI module availability to improve readability    Kim Alvefur    2019-11-23    1    -1/+4
| |