| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| | |
Goal is to have some accountability for these privileged actions.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This doesn't really make sense today. It doesn't even work with
mod_auth_internal_hashed, which should be the default. And even with a
supporting authentication module, why would we just hand out the
password? One use case may be to recover a forgotten password. While not
yet included with Prosody, there are better ways to handle forgotten
passwords, usually by resetting them to a new password.
|
| |
| |
| |
| |
| |
| | |
Fixes #1643
API change: The argument to archive_itemstore() changes type to integer
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Because during startup, if all items are provided by a different module
(e.g. mod_turn_external) then this would log a scary warning even if
everything is fine after that other module has been loaded.
This way, any persistent problematic state is reported in the console.
Errors with individual items should still be reported by prepare().
Now, if you load mod_external_services alone without configuring any
services, no error or warning is reported in the log, but maybe that's
not so bad with it reported in the console.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
This ensures that problems with entries added other modules, e.g.
mod_turn_external, are reported on startup. However, this depends on
load order and whether a `module:depends()` call comes before the
`module:add_item()` call. A followup commit will do something about
that.
|
| | |
|
| |
| |
| |
| | |
Should have been removed in the previous commit.
|
| |
| |
| |
| | |
See previous commit to mod_c2s: a62146353528
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The :info() method has been observed to return nothing ... sometimes.
Unclear what causes it. Perhaps the TLS connection was shut down or
hasn't fully settled?
The LuaSec code has code paths that return nothing or nil, error, so it
is best to guard against it.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Since there is now support for SNI with per-host certificates as well as
support in `prosodyctl check dns`.
Previous "support" was just the 'legacy_ssl' option, which didn't have
much other supporting code.
|
| |
| |
| |
| | |
^C^V
|
| | |
|
| |
| |
| |
| |
| |
| | |
This fixes wrongly reported DNS problems on some distros where the hosts
file contains an entry for the local machine, pointing at a loopback
address such as 127.0.1.1 or similar.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
This only differs from 'legacy_ssl' in name, at least on the server
side. For clients this is the one that uses SRV records.
|
| |
| |
| |
| |
| | |
net.dns returns nil for NXDOMAIN, while net.unbound returns a table with
zero items and various status fields.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
X-Frame-Options was replaced by the Content-Security-Policy
'frame-ancestors' directive, but Internet Explorer does not support that
part of CSP.
Since it's just one line it doesn't hurt to keep until some future
spring cleaning event :)
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes "attempt to compare number with nil" because `session.version` has
been cleared by s2smanager.destroy_session.
This can happen with the server_epoll setting opportunistic_writes
enabled, which means that it can notice that the connection failed at
this point, after which it triggers the whole chain of events that leads
to session destruction and "cleaning" most of the session fields.
|
| | |
|
| |
| |
| |
| |
| | |
Some items like HTTP providers would be very verbose, others are tricky
to handle.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
Hosts have a metatable __tostring method that produces a nice
representation such as `VirtualHost "example.com"`, which even includes
the component module for internal components.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
To show info about loaded modules. Inspired by the desire to know
whether a module was loaded from the core set or 3rd party.
|
| |
| |
| |
| | |
Lua 5.1 (thanks sups)
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
This should re-create all contexts the same way as when the service was
activated, which reloads certificates.
|
| |
| |
| |
| | |
Thinking I can use this to reload certificates after config reload
|
| |
| |
| |
| |
| | |
Supported by the other net.server implementations already, but not used
anywhere in Prosody.
|
| |
| |
| |
| |
| | |
Creates buckets up to the configured size limit or 1TB, whichever is
smaller, e.g. {1K, 4K, 16K, ... 4M, 16M}
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
"%g" turns 1GB into 1.07374e+09, which is a bit awkward for the bytes
measurements IMO. Turning up the precision, at "%.17g" turns 0.1 into
0.10000000000000001 while "%0.16" gives 0.1, hiding most of those pesky
floating point artefacts. Lua version 5.2 uses "%.14g" ( see
LUA_NUMBER_FMT in luaconf.h.html ) so it seems like a sensible choice
here.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the underlying TCP connection times out before the write timeout
kicks in, end up here with err="timeout", which the following code
treats as a minor issue.
Then, due to epoll apparently returning the EPOLLOUT (writable) event
too, we go on and try to write to the socket (commonly stream headers).
This fails because the socket is closed, which becomes the error
returned up the stack to the rest of Prosody.
This also trips the 'onconnect' signal, which has effects on various
things, such as the net.connect state machine. Probably undesirable
effects.
With this, we instead return "connection timeout", like server_event,
and destroy the connection handle properly. And then nothing else
happens because the connection has been destroyed.
|
| |
| |
| |
| |
| |
| | |
Quick Fix\u{2122} to stop prevent certmanager from automatically adding
a client certificate for net.http.request, since this normally does not
require such.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Under some circumstances when hosts and modules are loaded in some
certain order, entries end up missing from the SNI map. This manifests
in e.g. `curl https://localhost:5281/` giving an error about
"unrecognized name".
The `service` argument is `nil` when invoked from the "host-activated"
event, leading it to iterating over every service. And then it would not
be fetching e.g. `http_host` from the config, which explains why https
would sometimes not work due to the missing name entry.
Because when `service` is included, this limits the iteration to
matching entries, while also returning the same value as the `name` loop
variable. Because `name == service when service != nil` we can use name
instead in the body of the loop.
|
| |
| |
| |
| | |
certificate_s_, plural, is the directory setting
|
| | |
|
|\| |
|
| |
| |
| |
| | |
It will do nothing in a VirtualHost section for example.
|
| | |
|
| | |
|