Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | util.sasl.scram: Ignore unused authzid variable (strict lint) | Kim Alvefur | 2019-12-09 | 1 | -0/+1 |
| | | | | | It would be nice if authzid was passed down into the stack and could be used by plugins for things. | ||||
* | .luacheckrc: Remove passing spec/ files from ignore list | Matthew Wild | 2019-12-09 | 1 | -3/+0 |
| | |||||
* | net.http.parser tests: Expand tests to include validation of results | Matthew Wild | 2019-12-09 | 1 | -22/+86 |
| | |||||
* | .luacheckrc: Remove passing file from ignore list | Matthew Wild | 2019-12-09 | 1 | -1/+0 |
| | |||||
* | configmanager tests: Split long line | Matthew Wild | 2019-12-09 | 1 | -1/+3 |
| | |||||
* | util.x509: Fix recording of CommonNames in get_identities | Kim Alvefur | 2019-12-08 | 1 | -1/+1 |
| | | | | | | | | | Don't worry, this function is not used by anything yet, this isn't a security issue. It'll be used by Prosody to pick the correct certificate for itself in the future. The `names` multitable is a collection of (name, service) pairs but it put them in the wrong order here. | ||||
* | util.error: Write down some thoughts in comments | Kim Alvefur | 2019-12-08 | 1 | -0/+7 |
| | |||||
* | net.server_epoll: Use monotonic time for scheduling | Kim Alvefur | 2019-12-08 | 1 | -9/+11 |
| | | | | Timer API of passing wallclock time remains | ||||
* | net.server_epoll: Change timer rescheduling method to match util.timer | Kim Alvefur | 2019-12-08 | 1 | -2/+3 |
| | | | | | Relative to current time instead of absolute time, in preparation for switching to monotonic time. | ||||
* | net.server_epoll: Remove unused function for adding timer at absolute time | Kim Alvefur | 2019-12-08 | 1 | -8/+3 |
| | | | | This won't make sense if we switch to monotonic time | ||||
* | mod_admin_telnet: Avoid using LuaSocket for timestamps | Kim Alvefur | 2019-12-08 | 1 | -2/+1 |
| | | | | | Using util.time will make it easier to move away from LuaSocket if we ever wanted to do that. | ||||
* | mod_saslauth: Set a nicer bounce error explaining SASL EXTERNAL failures | Kim Alvefur | 2019-12-07 | 1 | -1/+4 |
| | | | | | | | | Better than the previous string concatenation of SASL failure condition and optional text sent by the remote server. Would be nice to have a text per condition, other than the probably most common 'not-authorized'. | ||||
* | mod_saslauth: Collect SASL EXTERNAL failures into an util.error object | Kim Alvefur | 2019-12-07 | 1 | -5/+12 |
| | | | | | Will be easier than that concatenated string to extract info out of for use elsewhere. | ||||
* | net.server_epoll: Add debug logging for delayed reading | Kim Alvefur | 2019-12-07 | 1 | -0/+1 |
| | | | | | | | | | | | | | | | | In :onreadable, if there is still buffered incoming data after reading from the socket (as indicated by the :dirty method, usually because LuaSocket has an 8k buffer that's full but it read a smaller amount), another attempt to read is scheduled via this :pausefor method. This is also called from some other places where it would be pointless to read because there shouldn't be any data. In the delayed read case, this should report that the socket is "dirty". If it reports that the socket is "clean" then the question is where the buffer contents went? If this doesn't get logged after the scheduled time (0.000001s by default) then this would suggests a problem with timer or scheduling. | ||||
* | net.connect: Mention RFC 6724 regression | Kim Alvefur | 2019-12-07 | 2 | -0/+2 |
| | | | | | Default Address Selection algorithm is not applied, resulting in a strong bias towards IPv4. | ||||
* | net.connect: Add some TODOs and FIXMEs | Kim Alvefur | 2019-12-07 | 3 | -1/+10 |
| | | | | And mention issue numbers: #1246, #1428 and #1429 | ||||
* | mod_s2s: Invert condition to return early and reduce indentation | Kim Alvefur | 2019-12-04 | 1 | -26/+26 |
| | |||||
* | mod_s2s: Fix mistake in 28755107c2f4 | Kim Alvefur | 2019-12-03 | 1 | -0/+1 |
| | |||||
* | mod_saslauth: Advertise correct set of mechanisms | Kim Alvefur | 2019-12-02 | 1 | -1/+1 |
| | | | | | | | | | Mistakenly iterates over the set of all supported mechanisms instead of the one without insecure mechanisms if the connection is insecure. Not a problem if c2s_require_encryption is true Introduced in 56a0f68b7797 | ||||
* | util.*.c: Add static qualifiers everywhere | Emmanuel Gil Peyrot | 2019-12-01 | 6 | -52/+47 |
| | |||||
* | util.encodings: Remove redundant cast | Emmanuel Gil Peyrot | 2019-12-01 | 1 | -1/+1 |
| | |||||
* | util.encodings: Don?t export unneeded symbols | Emmanuel Gil Peyrot | 2019-12-01 | 1 | -8/+8 |
| | | | | This reduces the binary size from 22704?B to 18592?B. | ||||
* | mod_s2s: Refactor stream error handling on close | Kim Alvefur | 2019-12-01 | 1 | -19/+14 |
| | | | | | | Deduplicates the 3 log calls that log the same thing but subtly differently. The first one would say "Disconnecting localhost" and the last one didn't log the IP. | ||||
* | mod_s2s: Use stanza type check instead of duck typing | Kim Alvefur | 2019-12-01 | 1 | -1/+1 |
| | |||||
* | mod_net_multiplex: Remove debug message | Kim Alvefur | 2019-12-01 | 1 | -1/+0 |
| | | | | | This was something I added during development and set to info level for visibility. | ||||
* | net.server_select: Remove prefix added to TLS handshaker errors | Kim Alvefur | 2019-12-01 | 1 | -1/+1 |
| | | | | For consistency. None of the other implementations do this. | ||||
* | mod_s2s: Improve TLS handshake error messages | Kim Alvefur | 2019-12-01 | 1 | -0/+4 |
| | | | | | | This should make it clearer that it's about the TLS handshake. Otherwise it's something like "unsupported protocol" or "no shared ciphers" that might not be that obvious. | ||||
* | mod_s2s: Log from session logger | Kim Alvefur | 2019-11-30 | 1 | -1/+1 |
| | | | | Helps locating all messages related to a specific session | ||||
* | mod_s2s: Improve log message about forbidding insecure connections | Kim Alvefur | 2019-11-30 | 1 | -1/+1 |
| | | | | This new wording generator is nice. | ||||
* | mod_admin_telnet: Sort hosts | Kim Alvefur | 2019-11-30 | 1 | -1/+5 |
| | | | | | | Groups by domain in DNS hierarchy order or something. Why not split on '.' you ask? Well becasue that's not what I typed here. Also "[^.]" is longer than "%P". | ||||
* | mod_carbons: Improve performance by delaying creation of carbon payload | Kim Alvefur | 2019-11-30 | 1 | -11/+15 |
| | | | | | | If there are no other sessions which also enabled carbons then the carbons wrapper is not used and the potentially expensive clone operation was a waste of cycles. | ||||
* | core.portmanager: Complete error message for SNI TLS context problems | Kim Alvefur | 2019-11-30 | 1 | -1/+1 |
| | |||||
* | tests: Disable s2s in scansion tests | Kim Alvefur | 2019-11-30 | 1 | -1/+4 |
| | | | | These are all c2s tests, no need to have s2s enabled. | ||||
* | mod_net_multiplex: Tweak debug logging for ALPN case | Kim Alvefur | 2019-11-29 | 1 | -2/+1 |
| | |||||
* | mod_net_multiplex: Add support for using ALPN | Kim Alvefur | 2019-11-29 | 6 | -3/+42 |
| | | | | | | | Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose. | ||||
* | net.http: Set ALPN on requests | Kim Alvefur | 2019-11-29 | 1 | -1/+1 |
| | | | | | | Shouldn't hurt. Revert if it turns out it does. Supported in LuaSec 0.8. Should be ignored otherwise. | ||||
* | core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI ↵ | Kim Alvefur | 2019-11-29 | 2 | -10/+6 |
| | | | | support) | ||||
* | core.portmanager: Don't set the first TLS context with a cert as main context | Kim Alvefur | 2019-11-29 | 1 | -4/+0 |
| | | | | Don't think this works and it's apparently acceptable to require SNI these days. | ||||
* | mod_admin_telnet: Display ALPN in show_tls() if supported and available | Kim Alvefur | 2019-11-21 | 1 | -0/+6 |
| | |||||
* | mod_http: Log served URLs at 'info' level | Kim Alvefur | 2019-11-29 | 1 | -1/+1 |
| | | | | | | These are similar to the "activated service" messages from portmanager and similarily useful for the service admin to know even if they're not debugging anything. | ||||
* | mod_s2s: Prevent unhandled stanza handler from complaining about stream ↵ | Kim Alvefur | 2019-11-29 | 1 | -2/+2 |
| | | | | | | features on aborted connections I have no idea why I wrote return false in e5945fb5b71f | ||||
* | mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set | Kim Alvefur | 2019-11-28 | 1 | -3/+5 |
| | | | | Prevents some weirdness in cases where no authentication is done | ||||
* | mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied | Kim Alvefur | 2019-11-28 | 1 | -0/+7 |
| | | | | | This ensures the closure reason is accurate and not reported as an authentication or other problem | ||||
* | mod_s2s: Send stream errors for cert problems on outgoing connections | Kim Alvefur | 2019-11-28 | 1 | -6/+7 |
| | | | | Rationale in comment. | ||||
* | mod_s2s: Improve error in bounces due to cert validation problems | Kim Alvefur | 2019-11-27 | 1 | -3/+24 |
| | |||||
* | mod_s2s_auth_certs: Save chain validation errors for later use | Kim Alvefur | 2019-11-27 | 1 | -0/+1 |
| | |||||
* | net.websocket: Fix traceback in case of ondisconnect being called twice | Matthew Wild | 2019-11-26 | 1 | -0/+1 |
| | | | | | We want to figure out what situations the double ondisconnect happens in, and aim to fix the root cause in the future. | ||||
* | net.connect: Add some TODO comments | Kim Alvefur | 2019-11-26 | 1 | -0/+4 |
| | |||||
* | MUC: Add missing reference to room (thanks buildbot) [luacheck] | Kim Alvefur | 2019-11-26 | 1 | -0/+1 |
| | |||||
* | MUC: Indicate the component as origin of various errors where there's no room | Kim Alvefur | 2019-11-26 | 2 | -7/+7 |
| | | | | A room that doesn't exist can't return an error, can it? |