Commit message (Author, Age, Files, Lines)
...
* | mod_saslauth: Set a nicer bounce error explaining SASL EXTERNAL failures (Kim Alvefur, 2019-12-07, files: 1, lines: -1/+4)
| |   Better than the previous string concatenation of SASL failure condition and optional text sent by the remote server. Would be nice to have a text per condition, other than the probably most common 'not-authorized'.
* | mod_saslauth: Collect SASL EXTERNAL failures into an util.error object (Kim Alvefur, 2019-12-07, files: 1, lines: -5/+12)
| |   Will be easier than that concatenated string to extract info out of for use elsewhere.
* | net.server_epoll: Add debug logging for delayed reading (Kim Alvefur, 2019-12-07, files: 1, lines: -0/+1)
| |   In :onreadable, if there is still buffered incoming data after reading from the socket (as indicated by the :dirty method, usually because LuaSocket has an 8k buffer that's full but it read a smaller amount), another attempt to read is scheduled via this :pausefor method. This is also called from some other places where it would be pointless to read because there shouldn't be any data. In the delayed read case, this should report that the socket is "dirty". If it reports that the socket is "clean" then the question is where the buffer contents went? If this doesn't get logged after the scheduled time (0.000001s by default) then this would suggest a problem with timer or scheduling.
* | net.connect: Mention RFC 6724 regression (Kim Alvefur, 2019-12-07, files: 2, lines: -0/+2)
| |   Default Address Selection algorithm is not applied, resulting in a strong bias towards IPv4.
* | net.connect: Add some TODOs and FIXMEs (Kim Alvefur, 2019-12-07, files: 3, lines: -1/+10)
| |   And mention issue numbers: #1246, #1428 and #1429
* | mod_s2s: Invert condition to return early and reduce indentation (Kim Alvefur, 2019-12-04, files: 1, lines: -26/+26)
| |
* | mod_s2s: Fix mistake in 28755107c2f4 (Kim Alvefur, 2019-12-03, files: 1, lines: -0/+1)
| |
* | mod_saslauth: Advertise correct set of mechanisms (Kim Alvefur, 2019-12-02, files: 1, lines: -1/+1)
| |   Mistakenly iterates over the set of all supported mechanisms instead of the one without insecure mechanisms if the connection is insecure. Not a problem if c2s_require_encryption is true. Introduced in 56a0f68b7797
* | util.*.c: Add static qualifiers everywhere (Emmanuel Gil Peyrot, 2019-12-01, files: 6, lines: -52/+47)
| |
* | util.encodings: Remove redundant cast (Emmanuel Gil Peyrot, 2019-12-01, files: 1, lines: -1/+1)
| |
* | util.encodings: Don’t export unneeded symbols (Emmanuel Gil Peyrot, 2019-12-01, files: 1, lines: -8/+8)
| |   This reduces the binary size from 22704 B to 18592 B.
* | mod_s2s: Refactor stream error handling on close (Kim Alvefur, 2019-12-01, files: 1, lines: -19/+14)
| |   Deduplicates the 3 log calls that log the same thing but subtly differently. The first one would say "Disconnecting localhost" and the last one didn't log the IP.
* | mod_s2s: Use stanza type check instead of duck typing (Kim Alvefur, 2019-12-01, files: 1, lines: -1/+1)
| |
* | mod_net_multiplex: Remove debug message (Kim Alvefur, 2019-12-01, files: 1, lines: -1/+0)
| |   This was something I added during development and set to info level for visibility.
* | net.server_select: Remove prefix added to TLS handshaker errors (Kim Alvefur, 2019-12-01, files: 1, lines: -1/+1)
| |   For consistency. None of the other implementations do this.
* | mod_s2s: Improve TLS handshake error messages (Kim Alvefur, 2019-12-01, files: 1, lines: -0/+4)
| |   This should make it clearer that it's about the TLS handshake. Otherwise it's something like "unsupported protocol" or "no shared ciphers" that might not be that obvious.
* | mod_s2s: Log from session logger (Kim Alvefur, 2019-11-30, files: 1, lines: -1/+1)
| |   Helps locating all messages related to a specific session
* | mod_s2s: Improve log message about forbidding insecure connections (Kim Alvefur, 2019-11-30, files: 1, lines: -1/+1)
| |   This new wording generator is nice.
* | mod_admin_telnet: Sort hosts (Kim Alvefur, 2019-11-30, files: 1, lines: -1/+5)
| |   Groups by domain in DNS hierarchy order or something. Why not split on '.' you ask? Well because that's not what I typed here. Also "[^.]" is longer than "%P".
* | mod_carbons: Improve performance by delaying creation of carbon payload (Kim Alvefur, 2019-11-30, files: 1, lines: -11/+15)
| |   If there are no other sessions which also enabled carbons then the carbons wrapper is not used and the potentially expensive clone operation was a waste of cycles.
* | core.portmanager: Complete error message for SNI TLS context problems (Kim Alvefur, 2019-11-30, files: 1, lines: -1/+1)
| |
* | tests: Disable s2s in scansion tests (Kim Alvefur, 2019-11-30, files: 1, lines: -1/+4)
| |   These are all c2s tests, no need to have s2s enabled.
* | mod_net_multiplex: Tweak debug logging for ALPN case (Kim Alvefur, 2019-11-29, files: 1, lines: -2/+1)
| |
* | mod_net_multiplex: Add support for using ALPN (Kim Alvefur, 2019-11-29, files: 6, lines: -3/+42)
| |   Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose.
* | net.http: Set ALPN on requests (Kim Alvefur, 2019-11-29, files: 1, lines: -1/+1)
| |   Shouldn't hurt. Revert if it turns out it does. Supported in LuaSec 0.8. Should be ignored otherwise.
* | core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support) (Kim Alvefur, 2019-11-29, files: 2, lines: -10/+6)
| |
* | core.portmanager: Don't set the first TLS context with a cert as main context (Kim Alvefur, 2019-11-29, files: 1, lines: -4/+0)
| |   Don't think this works and it's apparently acceptable to require SNI these days.
* | mod_admin_telnet: Display ALPN in show_tls() if supported and available (Kim Alvefur, 2019-11-21, files: 1, lines: -0/+6)
| |
* | mod_http: Log served URLs at 'info' level (Kim Alvefur, 2019-11-29, files: 1, lines: -1/+1)
| |   These are similar to the "activated service" messages from portmanager and similarly useful for the service admin to know even if they're not debugging anything.
* | mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections (Kim Alvefur, 2019-11-29, files: 1, lines: -2/+2)
| |   I have no idea why I wrote return false in e5945fb5b71f
* | mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set (Kim Alvefur, 2019-11-28, files: 1, lines: -3/+5)
| |   Prevents some weirdness in cases where no authentication is done
* | mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied (Kim Alvefur, 2019-11-28, files: 1, lines: -0/+7)
| |   This ensures the closure reason is accurate and not reported as an authentication or other problem
* | mod_s2s: Send stream errors for cert problems on outgoing connections (Kim Alvefur, 2019-11-28, files: 1, lines: -6/+7)
| |   Rationale in comment.
* | mod_s2s: Improve error in bounces due to cert validation problems (Kim Alvefur, 2019-11-27, files: 1, lines: -3/+24)
| |
* | mod_s2s_auth_certs: Save chain validation errors for later use (Kim Alvefur, 2019-11-27, files: 1, lines: -0/+1)
| |
* | net.websocket: Fix traceback in case of ondisconnect being called twice (Matthew Wild, 2019-11-26, files: 1, lines: -0/+1)
| |   We want to figure out what situations the double ondisconnect happens in, and aim to fix the root cause in the future.
* | net.connect: Add some TODO comments (Kim Alvefur, 2019-11-26, files: 1, lines: -0/+4)
| |
* | MUC: Add missing reference to room (thanks buildbot) [luacheck] (Kim Alvefur, 2019-11-26, files: 1, lines: -0/+1)
| |
* | MUC: Indicate the component as origin of various errors where there's no room (Kim Alvefur, 2019-11-26, files: 2, lines: -7/+7)
| |   A room that doesn't exist can't return an error, can it?
* | MUC: Indicate that the room is the origin of various errors where 'from' is an occupant JID (Kim Alvefur, 2019-11-25, files: 3, lines: -16/+19)
| |
* | MUC: Indicate origin of registration related errors (Kim Alvefur, 2019-11-25, files: 2, lines: -5/+5)
| |
* | MUC: Indicate origin of password related errors (Kim Alvefur, 2019-11-25, files: 2, lines: -2/+2)
| |
* | util.stanza: Support the 'by' attribute on errors (Kim Alvefur, 2019-11-25, files: 2, lines: -3/+7)
| |   This is to be used when the entity generating the error is not the same as the one the stanza was directed to, e.g. an intermediate server.
* | util.stanza: Check that argument to error_reply is NOT a stanza of type error (Kim Alvefur, 2019-11-25, files: 2, lines: -0/+12)
| |   Replying to an error is Very Bad
* | util.stanza: Check that argument to error_reply is a stanza (Kim Alvefur, 2019-11-25, files: 2, lines: -0/+9)
| |
* | util.stanza: Remove redundant check for attrs (Kim Alvefur, 2019-11-25, files: 2, lines: -1/+8)
| |   A stanza can't not have attrs if created the correct way
* | util.stanza: Check that argument to reply is a stanza (Kim Alvefur, 2019-11-25, files: 2, lines: -0/+9)
| |
* | Merge 0.11->trunk (Kim Alvefur, 2019-11-24, files: 1, lines: -0/+2)
|\|
| * net.resolvers.basic: Normalise IP literals, ensures net.server is happy (Kim Alvefur, 2019-11-24, files: 1, lines: -0/+2)
| |
* | net.resolvers.service: Pass IP literals directly to basic resolver (Kim Alvefur, 2019-11-24, files: 1, lines: -0/+9)
| |   IP literals will not work with SRV records anyways. Fixes s2s with IP literals.