| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
This can be used for debugging and introspection.
|
|
|
|
|
| |
Should have been part of f33887f925e1 to ensure it won't skip processing
timers at all when very busy.
|
|
|
|
| |
Updates for 65fb0d7a2312::59c3d775c7fa
|
|
|
|
|
| |
This would indicate that a reverse proxy is used, which gets to be
responsible for that since it probably holds the actual cert.
|
| |
|
|
|
|
|
|
| |
The 'anonymous_login' setting is deprecated and prosodyctl check config
will tell you to change it to 'authentication = "internal_hashed"', so
we shouldn't need to care about here anymore.
|
|
|
|
| |
This code is hard to follow and in need of some refactoring.
|
|
|
|
|
|
|
|
|
| |
./tools/build-env/build.sh
Creates a container image based on Debian or Ubuntu
./tools/build-env/here.sh
Starts a container and mounts in the current working directory, from
where one can ./configure; make; make test etc
|
| |
|
|
|
|
|
| |
Had a hard time following what was happening when it did not specify
which grant or token was being removed.
|
|
|
|
| |
Connection: keep-alive is implicit in HTTP/1.1 but explicit > implicit
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This should speed up repeated requests to the same site by keeping their
connections around and sending more requests on them.
Sending multiple requests at the same time is not supported, instead a
request started while another to the same authority is in progress would
open a new one and the first one to complete would go back in the pool.
This could be investigated in the future.
Some http servers limit the number of requests per connection and this
is not tested and could cause one request to fail, but hopefully it will
close the connection and prevent it from being reused.
|
|
|
|
|
| |
Potentially allows sorting on those directly as they will be in
increasing order.
|
|
|
|
|
|
|
|
|
| |
Allows sorting by id as a substitute for sorting by timestamp since it
has the timestamp in the encoded in the first part, and only things that
happen extremely close together may get out of order by such a sort,
which might not matter.
From draft-ietf-uuidrev-rfc4122bis formerly draft-peabody-dispatch-new-uuid-format
|
|
|
|
| |
modules_enabled (thanks aab and Menel)
|
|
|
|
| |
Security considerations added, no protocol changes.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Previously the whole grant was deleted if it found one expired toke,
which was not indented.
|
| |
|
|
|
|
| |
initialization
|
|
|
|
| |
Not the prosodyctl check dane I wanted to make but a start.
|
|
|
|
|
|
|
| |
One small refactor but one huge step in the right direction
Mostly because adding another check would make the line checking for a
valid check exceed the column limit.
|
|
|
|
| |
Does this make it clearer what is going on?
|
| |
|
|
|
|
| |
Simplifies configuration, only one already existing boolean to flip.
|
|
|
|
|
| |
Complements the DANE support for outgoing connections included in
net.connect
|
| |
|
|
|
|
|
|
| |
* mod_authz_internal adds account_roles
* mod_cron has its state
* mod_smacks also has some non-critical state
|
|
|
|
| |
Everything supports SNI today, so this is not useful information.
|
|
|
|
|
| |
This matches what mod_c2s does, and fixes a traceback in mod_sasl2_fast when
used with BOSH (that module tries to use event.stream.from).
|
|\ |
|
| |
| |
| |
| | |
A typo should not result in ending up with "legacy"
|
| |
| |
| |
| | |
(thanks tmolitor)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This channel binding method is now enabled when a hash is manually set in the
config, or it attempts to discover the hash automatically if the value is the
special string "auto".
A related change to mod_c2s prevents complicated certificate lookups in the
client connection hot path - this work now happens only when this channel
binding method is used. I'm not aware of anything else that uses ssl_cfg (vs
ssl_ctx).
Rationale for disabling by default:
- Minor performance impact in automatic cert detection
- This method is weak against a leaked/stolen private key (other methods such
as 'tls-exporter' would not be compromised in such a case)
Rationale for keeping the implementation:
- For some deployments, this may be the only method available (e.g. due to
TLS offloading in another process/server).
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Some of the new roles don't quite fit nicely into 4 characters
(excluding ellipsis). Given the ability to dynamically add additional
roles from the config and possibly from modules, it seems better to just
make it a relative size since we can't know how long they will be.
|
| |
| |
| |
| | |
Explicit > implicit
|
| | |
|
| |
| |
| |
| | |
Requested feature for many modules, notably MAM and file sharing.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
MattJ contributed new APIs for retrieving the actually used certificate
and chain to LuaSec, which are not in a release at the time of this
commit.
|