| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| |
| |
| | |
MattJ contributed new APIs for retrieving the actually used certificate
and chain to LuaSec, which are not in a release at the time of this
commit.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This originally used a WIP implementation of cert:sigalg(), a method to
retrieve certificate signature algorithm, but it was never submitted
upstream. https://github.com/Zash/luasec/tree/zash/sigalg
cert:getsignaturename() was merged in
https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049
XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST
|
| |
| |
| |
| |
| |
| |
| |
| | |
Since this channel binding method is said to enable TLS offloading then
you need tell Prosody the hash (or the full cert), so this seems like a
good start.
Support is RECOMMENDED in XEP-0440 version 0.2
|
| | |
|
| |
| |
| |
| | |
Ensures the periodic cleanup really does remove expired tokens.
|
| |
| |
| |
| | |
This should ensure expired grants eventually disappear.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Generally it is expected that a grant would have at least one token as
long as the grant is in active use.
Refresh tokens issued by mod_http_oauth2 have a lifetime of one week by
default, so the idea here is that if that refresh token expired and
another week goes by without the grant being used, then the whole grant
can be removed.
|
| | |
|
| | |
|
| |
| |
| |
| | |
Silence warning for using this introduced in 9c62ffbdf2ae
|
| |
| |
| |
| | |
Use of datetime was removed in 6ac5ad578565
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Suggested by jstein in the chat
This option label is used by XMPP clients to explain what the option does.
a) The user should know where the data is archived.
b) The user needs a statement that can be enabled/disabled by the variable. A question would have the wrong logic here.
|
| | |
|
| |
| |
| |
| | |
Does this run in a thread?
|
| |
| |
| |
| |
| | |
This ensures that all interactions with storage happen inside an async
thread, allowing async waiting to be performed in storage drivers.
|
| |
| |
| |
| |
| |
| |
| | |
Maybe it is better to run daily and weekly tasks 'now' on the theory
that people set these things up during times that are appropriate for
maintenance already, so the same time next day or next week might be
fine for periodic cleanup.
|
| |
| |
| |
| | |
Fixes "Could not delete messages for room 'x': (nil)"
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This method would previously never delete the first (and only) item
since it works out which item should become the first item after the
trim operation, which doesn't make sense when all should be removed.
This also works as an optimization for when all the last item should be
trimmed, thus items should be removed.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
mod_http_errors normally sets the Content-Type header via the response
object, which isn't available when handling these uncaught errors.
Without a Content-Type header the browser is forced to guess, which may
or may not result in something sensible.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Behavior change: It becomes up to the authorization module whether to
allow requests. The default, mod_authz_internal, will allow users on the
*parent* host only, breaking use by some components.
Remaining question is whether to deprecate the `http_file_share_access`
setting or leave as a way to complement/bypass access control?
|
| |
| |
| |
| |
| |
| |
| |
| | |
Unlikely that anyone has had sql2 in their configs for a long time, so
this serves little purpose.
Leaving the indirection function in case some similar compat code is
needed in the future.
|
|\| |
|
| |
| |
| |
| |
| | |
The code would have suggested adding to modules_enabled instead of
modules_disabled
|
| |
| |
| |
| | |
Non-portable substitution syntax? Oh well.
|
| |
| |
| |
| |
| |
| | |
Thought it was a case mismatch at first, fixed that, but it changed
nothing because the error was in the leaf part of the errors, not the
chain part.
|
| |
| |
| |
| |
| |
| |
| | |
Improves readability. Reduces line count. What's not to like?
The code style and luacheck rules allows longer lines, and these strings
aren't long enough to need breaking into multiple lines like this.
|
| |
| |
| |
| |
| |
| | |
Since 443 is just as much a web port as port 80 these days, if not more.
What's with port 81 here?
|
| |
| |
| |
| | |
The XOR is done in C since 4e5a2af9dd19
|
| |
| |
| |
| |
| |
| | |
This removes the need to configure e.g. http_external_url or similar
settings in order to get correct URLs out of prosodyctl, as the API
depends on portmanager to know the actual ports that are used.
|
|\| |
|
| |
| |
| |
| | |
Backport of ffe4adbd2af9 since new was added in the 0.12 branch
|
| |
| |
| |
| |
| |
| | |
This appears to have been a copy-paste of the grant revocation function,
or maybe the other way around. Either way, it deleted the whole grant
instead of the individual token as might be expected.
|
| | |
|
| |
| |
| |
| |
| | |
Fixes that LuaDBI being unavailable makes these produce nothing but
endless stack overflows in luarocks.
|
| |
| |
| |
| |
| | |
Part of an attempt to make these tests work again. Previously they would
just explode in a million luarocks stack overflows
|
| |
| |
| |
| |
| | |
Using util.dependencies appeared to cause problems with running tests in
Busted, so this also removes that and uses pcall directly.
|
| |
| |
| |
| |
| | |
Probably a workaround for the lack of argument passing when using xpcall
in Lua 5.1, no longer relevant.
|
| |
| |
| |
| | |
According to MattJ, leftovers from an earlier vision for util.sql
|
| |
| |
| |
| |
| | |
Many leftovers from the earlier version of util.sql this was based on
and cleanup applied there since then.
|
| |
| |
| |
| |
| |
| | |
Shifting the index does not work reliably yet, better to rebuild it from
scratch. Since there is minimal parsing involved in that, it should be
more efficient anyway.
|
| |
| |
| |
| |
| | |
Allows specifying them the same way as the default and in the config,
for consistency
|
| | |
|
| |
| |
| |
| |
| | |
It gets closed eventually but at high load they could potentially
lead to reaching FD limits faster.
|
| |
| |
| |
| | |
In desperate need of tests
|
| |
| |
| |
| |
| |
| | |
This communicates the accepted values in case the config diverges from
them. Note that older documentation used an "admin" value behaving like
an alias to true, but this is no longer handled. Should it?
|
| |
| |
| |
| |
| | |
Passing something from module:get_option() to ipairs() suggests that the
option is a list of some sort.
|