aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* net.server_epoll: Fix reporting of socket connect timeoutKim Alvefur2021-06-071-0/+2
| | | | | | | | | | | | | | | | | | | If the underlying TCP connection times out before the write timeout kicks in, end up here with err="timeout", which the following code treats as a minor issue. Then, due to epoll apparently returning the EPOLLOUT (writable) event too, we go on and try to write to the socket (commonly stream headers). This fails because the socket is closed, which becomes the error returned up the stack to the rest of Prosody. This also trips the 'onconnect' signal, which has effects on various things, such as the net.connect state machine. Probably undesirable effects. With this, we instead return "connection timeout", like server_event, and destroy the connection handle properly. And then nothing else happens because the connection has been destroyed.
* core.certmanager: Skip service certificate lookup for https clientKim Alvefur2021-05-271-1/+2
| | | | | | Quick Fix\u{2122} to stop prevent certmanager from automatically adding a client certificate for net.http.request, since this normally does not require such.
* core.portmanager: Fix race condition in initialization of SNI cert mapKim Alvefur2021-05-281-2/+2
| | | | | | | | | | | | | | | | | Under some circumstances when hosts and modules are loaded in some certain order, entries end up missing from the SNI map. This manifests in e.g. `curl https://localhost:5281/` giving an error about "unrecognized name". The `service` argument is `nil` when invoked from the "host-activated" event, leading it to iterating over every service. And then it would not be fetching e.g. `http_host` from the config, which explains why https would sometimes not work due to the missing name entry. Because when `service` is included, this limits the iteration to matching entries, while also returning the same value as the `name` loop variable. Because `name == service when service != nil` we can use name instead in the body of the loop.
* scansion: Really silence the certificates dir errorKim Alvefur2021-05-281-1/+1
| | | | certificate_s_, plural, is the directory setting
* scansion: Silence an error from cert indexer due to missing certs dirKim Alvefur2021-05-271-1/+4
|
* Merge 0.11->trunkKim Alvefur2021-05-271-1/+1
|\
| * prosodyctl: Add 'limits' to known globals to warn about misplacing itKim Alvefur2021-05-271-1/+1
| | | | | | | | It will do nothing in a VirtualHost section for example.
* | core.modulemanager: Inherit mod_server_contact_info onto components #1270Kim Alvefur2021-05-273-1/+2
| |
* | mod_server_contact_info: Generate properly escaped URIs from 'admins'Kim Alvefur2020-09-111-1/+2
| |
* | mod_server_contact_info: Apply JID normalizationKim Alvefur2020-09-113-1/+29
| |
* | prosodyctl: Reorganize help / command listKim Alvefur2021-01-221-7/+15
| |
* | prosody.cfg.lua.dist: Replace use_libevent with network_backendKim Alvefur2021-05-241-3/+3
| | | | | | | | | | Since there are more than two choices now. Hard to describe this choice in just one line. Maybe this whole block should go away?
* | mod_tls: Add "support" for <failure> by closing gracefullyKim Alvefur2021-05-211-0/+6
| | | | | | | | Nicer than the "unsupported stanza type" error we get otherwise.
* | teal: Add type spec for util.signalKim Alvefur2021-05-201-0/+41
| |
* | teal: Add type spec for util.ringbufferKim Alvefur2021-05-201-0/+20
| |
* | teal: Describe util.net.local_addresses() return typeKim Alvefur2021-05-201-1/+1
| |
* | teal: Add new util.hashes APIsKim Alvefur2021-05-201-0/+2
| |
* | statsmanager: remove "legacy" wordingJonas Schäfer2021-05-201-1/+1
| | | | | | | | | | | | | | This was a leftover from when we (or rather I) thought that the old (now called "high-level") API would be removed. We deemed it useful though, so let's remove that "legacy" language and make the description more friendly.
* | util.stanza: add at_top helperJonas Schäfer2021-05-081-0/+4
| | | | | | | | | | | | This allows the user to detect whether the cursor is currently at the top of the stanza. This will be used by util.xmppstream to be able to port it over.
* | mod_csi_simple: convert to use new metric interface for flush reasonsJonas Schäfer2021-05-201-10/+7
| |
* | prosody.cfg.lua.dist: Fix indentation to use tabs like the rest of the fileEmmanuel Gil Peyrot2021-05-191-6/+6
| |
* | prosody: Close the state on exit (ie garbage-collect everything)Kim Alvefur2021-05-181-1/+1
| | | | | | | | | | | | | | | | | | | | This ensures __gc is called on everything that may need it, such as database connections. It was reported in the chat by Happy that SQLite3 does not close its state cleanly in WAL mode, leaving the WAL file behind. This is probably rather a bug in mod_storage_sql, but forcing a final GC sweep should also help with such things everywhere.
* | tools/cfgdump: Serialize individual (table) settings in stable order tooKim Alvefur2021-05-171-2/+9
| |
* | tools/cfgdump: Iterate in sort order to give stable outputKim Alvefur2021-05-171-5/+6
| | | | | | | | | | Should allow using this tool for comparing configs without hash table order messing things up.
* | mod_http_file_share: Handle out of bounds Range requestKim Alvefur2021-05-171-3/+8
| | | | | | | | | | | | | | Turns out you can seek past the end of the file without getting an error. Also rejects empty range instead of sending the whole file.
* | Merge 0.11->trunkKim Alvefur2021-05-162-12/+4
|\|
| * mod_pep: Remove obsolete node restoration code (now done by util.pubsub)Kim Alvefur2021-05-161-12/+0
| | | | | | | | | | | | | | | | | | | | | | | | Originally added in 202b9951b037 but util.pubsub gained a better method in 6c2c2fc4b8dd since then, which mod_pep uses since 9194431b6447 which should have deleted this. All these :create calls would have failed with a 'conflict' error, since the nodes had already been created. This was never noticed because of missing error handling. Also note that this code did not restore node configuration.
| * util.pubsub: Fix traceback if node data not initializedKim Alvefur2021-05-161-0/+4
| | | | | | | | | | This should not be possible, but a traceback indicating node_data being nil here was reported by Ron in the chat.
* | mod_http_file_share: Support download resumption via Range requestsKim Alvefur2021-05-162-0/+21
| | | | | | | | | | | | | | | | Only a starting point is supported due to the way response:send_file() sends everything it gets from the provided file handle but does not have any way to specify how much to read. This matches what Conversations appears to be doing.
* | prosodyctl: Report OpenSSL versionKim Alvefur2021-05-121-0/+4
| |
* | util.hashes: Expose OpenSSL versionKim Alvefur2021-05-121-0/+4
| |
* | util.jwt: Use constant-time comparison with expected signatureMatthew Wild2021-05-131-1/+2
| |
* | Merge 0.11->trunkMatthew Wild2021-05-1319-54/+111
|\|
| * Added tag 0.11.9 for changeset d0e9ffccdef9Matthew Wild2021-05-120-0/+0
| |
| * mod_dialback: Remove d-w-d feature0.11.9Kim Alvefur2021-05-122-23/+1
| | | | | | | | | | | | | | Backs out 1d0862814bfc and 2fdd71b08126 Largely unused, undocumented and did not have enough tests to provide confidence in its correct operation.
| * mod_dialback: Use correct host for certificate check (fixes #1381)Kim Alvefur2019-06-231-2/+1
| |
| * mod_dialback: Use constant-time comparison with hmacMatthew Wild2021-05-121-1/+2
| |
| * mod_proxy65: Restrict access to local c2s connections by defaultMatthew Wild2021-05-121-4/+12
| | | | | | | | | | Previously no 'proxy65_acl' option would allow unrestricted access by local or remote JIDs.
| * mod_limits: Use default limits if none configuredMatthew Wild2021-05-111-1/+10
| |
| * prosody.cfg.lua.dist: Enable rate limits by defaultMatthew Wild2021-05-111-1/+12
| |
| * prosodyctl about: Report libexpat version if knownMatthew Wild2021-05-111-1/+5
| |
| * certmanager: Disable renegotiation by defaultMatthew Wild2021-05-111-0/+2
| | | | | | | | This requires LuaSec 0.7+ and OpenSSL 1.1.1+
| * mod_limits: Don't emit error when no burst period is configuredMatthew Wild2021-05-111-1/+1
| |
| * core.certmanager: Test for SSL options in absence of LuaSec configKim Alvefur2021-04-261-5/+9
| |
| * core.certmanager: Attempt to directly access LuaSec config tableKim Alvefur2021-04-261-1/+1
| | | | | | | | | | Due to a bug this field was not properly exported before See https://github.com/brunoos/luasec/issues/149
| * util.xmppstream: Allow dynamically configuring the stanza size limit for a ↵Matthew Wild2021-05-101-0/+3
| | | | | | | | | | | | | | stream This may be useful for any plugins that want to experiment with different policies for stanza size limits (e.g. unauthenticated vs authenticated streams).
| * util.xmppstream: Mark bytes for stream closure as handledMatthew Wild2021-05-101-0/+3
| |
| * MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#infoMatthew Wild2021-05-101-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | The de-facto interpretation of this (undocumented) option is to indicate to the client whether it is allowed to invite other users to the MUC. This is differs from the existing option in our config form, which only controls the behaviour of sending of invites in a members-only MUC (we always allow invites in open rooms). Conversations is one client known to use this disco#info item to determine whether it may send invites.
| * mod_auth_internal_{plain,hashed}: Use constant-time string comparison for ↵Matthew Wild2021-05-102-3/+5
| | | | | | | | secrets
| * util.xmppstream: Reduce default xmppstream limit to 1MBMatthew Wild2021-05-101-1/+1
| |