Commit message [Author, Age, Files, Lines]
* mod_s2s: Guard against LuaSec not returning TLS info here too [Kim Alvefur, 2021-06-21, files 1, lines -1/+2]
|   See previous commit to mod_c2s: a62146353528
* mod_c2s: Guard against LuaSec not returning TLS info (thanks Martin) [Kim Alvefur, 2021-06-21, files 1, lines -4/+4]
|   The :info() method has been observed to return nothing ... sometimes. Unclear what causes it. Perhaps the TLS connection was shut down or hasn't fully settled? The LuaSec code has code paths that return nothing or nil, error, so it is best to guard against it.
* doap: Update XEP-0368 entry with mention of direct_tls_ports [Kim Alvefur, 2021-06-20, files 1, lines -1/+1]
|
* CHANGES: Add Direct TLS support [Kim Alvefur, 2021-06-20, files 1, lines -0/+1]
|   Since there is now support for SNI with per-host certificates as well as support in `prosodyctl check dns`. Previous "support" was just the 'legacy_ssl' option, which didn't have much other supporting code.
* mod_c2s: Log the same messages for Direct TLS as with starttls [Kim Alvefur, 2021-06-20, files 1, lines -1/+6]
|   ^C^V
* mod_c2s: Update a comment to reflect Direct TLS [Kim Alvefur, 2021-06-20, files 1, lines -1/+1]
|
* util.prosodyctl.check: Ensure that libunbound does not check hosts file [Kim Alvefur, 2021-06-20, files 1, lines -0/+3]
|   This fixes wrongly reported DNS problems on some distros where the hosts file contains an entry for the local machine, pointing at a loopback address such as 127.0.1.1 or similar.
* util.prosodyctl.check: Deprecate legacy_ssl related options [Kim Alvefur, 2021-06-20, files 1, lines -0/+1]
|
* util.prosodyctl.check: Add support for checking Direct TLS SRV records [Kim Alvefur, 2021-06-20, files 1, lines -1/+23]
|
* mod_c2s: Add a Direct TLS listener [Kim Alvefur, 2021-06-20, files 1, lines -0/+10]
|   This only differs from 'legacy_ssl' in name, at least on the server side. For clients this is the one that uses SRV records.
* util.prosodyctl.check: Fix for net.dns vs unbound API difference [Kim Alvefur, 2021-06-20, files 1, lines -2/+2]
|   net.dns returns nil for NXDOMAIN, while net.unbound returns a table with zero items and various status fields.
* util.prosodyctl.check: Add knowledge of the global-only 'use_ipv4' setting [Kim Alvefur, 2021-06-20, files 1, lines -1/+1]
|
* mod_http_file_share: Update comment about x-frame-options [Kim Alvefur, 2021-06-20, files 1, lines -1/+1]
|   X-Frame-Options was replaced by the Content-Security-Policy 'frame-ancestors' directive, but Internet Explorer does not support that part of CSP. Since it's just one line it doesn't hurt to keep until some future spring cleaning event :)
* CHANGES: Add OpenMetrics changes to Statistics [Kim Alvefur, 2021-06-19, files 1, lines -0/+1]
|
* mod_s2s: Bail if connection is destroyed after attempting to open stream [Kim Alvefur, 2021-06-16, files 1, lines -0/+5]
|   Fixes "attempt to compare number with nil" because `session.version` has been cleared by s2smanager.destroy_session. This can happen with the server_epoll setting opportunistic_writes enabled, which means that it can notice that the connection failed at this point, after which it triggers the whole chain of events that leads to session destruction and "cleaning" most of the session fields.
* mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers [Kim Alvefur, 2021-06-16, files 2, lines -0/+13]
|
* mod_admin_shell: module:info: List 'items' that can be formatted easily [Kim Alvefur, 2021-06-12, files 1, lines -0/+14]
|   Some items like HTTP providers would be very verbose, others are tricky to handle.
* mod_admin_shell: module:info: Show friendlier name for known 'items' [Kim Alvefur, 2021-06-12, files 1, lines -1/+9]
|
* mod_admin_shell: module:info: List provided 'items' [Kim Alvefur, 2021-06-12, files 1, lines -0/+6]
|
* mod_admin_shell: module:info: Use existing host string representation [Kim Alvefur, 2021-06-12, files 1, lines -8/+2]
|   Hosts have a metatable __tostring method that produces a nice representation such as `VirtualHost "example.com"`, which even includes the component module for internal components.
* mod_admin_shell: module:info: List dependencies [Kim Alvefur, 2021-06-12, files 1, lines -0/+6]
|
* mod_admin_shell: module:info: Show module status [Kim Alvefur, 2021-06-12, files 1, lines -0/+3]
|
* mod_admin_shell: Add basic command that shows more info about loaded modules [Kim Alvefur, 2021-06-12, files 1, lines -0/+29]
|   To show info about loaded modules. Inspired by the desire to know whether a module was loaded from the core set or 3rd party.
* util.openmetrics: Use pack from util.table, detect appropriate unpack for Lua 5.1 (thanks sups) [Matthew Wild, 2021-06-14, files 1, lines -4/+5]
|
* mod_turn_external: Simple module to offer TURN(+STUN) via mod_external_services [Kim Alvefur, 2021-01-21, files 2, lines -1/+30]
|
* core.portmanager: Also reload per-SNI certificates [Kim Alvefur, 2021-06-10, files 1, lines -1/+3]
|
* core.portmanager: Reload direct TLS certificates after config reload [Kim Alvefur, 2021-06-10, files 1, lines -0/+21]
|   This should re-create all contexts the same way as when the service was activated, which reloads certificates.
* core.portmanager: Factor out base TLS context creation for reuse [Kim Alvefur, 2021-06-10, files 1, lines -10/+15]
|   Thinking I can use this to reload certificates after config reload
* net.server_epoll: Add missing method for changing TLS context [Kim Alvefur, 2021-06-10, files 1, lines -0/+4]
|   Supported by the other net.server implementations already, but not used anywhere in Prosody.
* mod_http_file_share: Build list of measuring buckets for configured size limit [Kim Alvefur, 2021-06-08, files 1, lines -1/+7]
|   Creates buckets up to the configured size limit or 1TB, whichever is smaller, e.g. {1K, 4K, 16K, ... 4M, 16M}
* util.openmetrics: Prettify format of histogram buckets [Kim Alvefur, 2021-06-08, files 1, lines -1/+1]
|   "%g" turns 1GB into 1.07374e+09, which is a bit awkward for the bytes measurements IMO. Turning up the precision, at "%.17g" turns 0.1 into 0.10000000000000001 while "%0.16" gives 0.1, hiding most of those pesky floating point artefacts. Lua version 5.2 uses "%.14g" ( see LUA_NUMBER_FMT in luaconf.h.html ) so it seems like a sensible choice here.
* net.server_epoll: Fix reporting of socket connect timeout [Kim Alvefur, 2021-06-07, files 1, lines -0/+2]
|   If the underlying TCP connection times out before the write timeout kicks in, end up here with err="timeout", which the following code treats as a minor issue. Then, due to epoll apparently returning the EPOLLOUT (writable) event too, we go on and try to write to the socket (commonly stream headers). This fails because the socket is closed, which becomes the error returned up the stack to the rest of Prosody. This also trips the 'onconnect' signal, which has effects on various things, such as the net.connect state machine. Probably undesirable effects. With this, we instead return "connection timeout", like server_event, and destroy the connection handle properly. And then nothing else happens because the connection has been destroyed.
* core.certmanager: Skip service certificate lookup for https client [Kim Alvefur, 2021-05-27, files 1, lines -1/+2]
|   Quick Fix™ to prevent certmanager from automatically adding a client certificate for net.http.request, since this normally does not require such.
* core.portmanager: Fix race condition in initialization of SNI cert map [Kim Alvefur, 2021-05-28, files 1, lines -2/+2]
|   Under some circumstances when hosts and modules are loaded in some certain order, entries end up missing from the SNI map. This manifests in e.g. `curl https://localhost:5281/` giving an error about "unrecognized name". The `service` argument is `nil` when invoked from the "host-activated" event, leading it to iterating over every service. And then it would not be fetching e.g. `http_host` from the config, which explains why https would sometimes not work due to the missing name entry. Because when `service` is included, this limits the iteration to matching entries, while also returning the same value as the `name` loop variable. Because `name == service when service != nil` we can use name instead in the body of the loop.
* scansion: Really silence the certificates dir error [Kim Alvefur, 2021-05-28, files 1, lines -1/+1]
|   certificate_s_, plural, is the directory setting
* scansion: Silence an error from cert indexer due to missing certs dir [Kim Alvefur, 2021-05-27, files 1, lines -1/+4]
|
* Merge 0.11->trunk [Kim Alvefur, 2021-05-27, files 1, lines -1/+1]
|\
| * prosodyctl: Add 'limits' to known globals to warn about misplacing it [Kim Alvefur, 2021-05-27, files 1, lines -1/+1]
| |   It will do nothing in a VirtualHost section for example.
* | core.modulemanager: Inherit mod_server_contact_info onto components #1270 [Kim Alvefur, 2021-05-27, files 3, lines -1/+2]
| |
* | mod_server_contact_info: Generate properly escaped URIs from 'admins' [Kim Alvefur, 2020-09-11, files 1, lines -1/+2]
| |
* | mod_server_contact_info: Apply JID normalization [Kim Alvefur, 2020-09-11, files 3, lines -1/+29]
| |
* | prosodyctl: Reorganize help / command list [Kim Alvefur, 2021-01-22, files 1, lines -7/+15]
| |
* | prosody.cfg.lua.dist: Replace use_libevent with network_backend [Kim Alvefur, 2021-05-24, files 1, lines -3/+3]
| |   Since there are more than two choices now. Hard to describe this choice in just one line. Maybe this whole block should go away?
* | mod_tls: Add "support" for <failure> by closing gracefully [Kim Alvefur, 2021-05-21, files 1, lines -0/+6]
| |   Nicer than the "unsupported stanza type" error we get otherwise.
* | teal: Add type spec for util.signal [Kim Alvefur, 2021-05-20, files 1, lines -0/+41]
| |
* | teal: Add type spec for util.ringbuffer [Kim Alvefur, 2021-05-20, files 1, lines -0/+20]
| |
* | teal: Describe util.net.local_addresses() return type [Kim Alvefur, 2021-05-20, files 1, lines -1/+1]
| |
* | teal: Add new util.hashes APIs [Kim Alvefur, 2021-05-20, files 1, lines -0/+2]
| |
* | statsmanager: remove "legacy" wording [Jonas Schäfer, 2021-05-20, files 1, lines -1/+1]
| |   This was a leftover from when we (or rather I) thought that the old (now called "high-level") API would be removed. We deemed it useful though, so let's remove that "legacy" language and make the description more friendly.
* | util.stanza: add at_top helper [Jonas Schäfer, 2021-05-08, files 1, lines -0/+4]
| |   This allows the user to detect whether the cursor is currently at the top of the stanza. This will be used by util.xmppstream to be able to port it over.