aboutsummaryrefslogtreecommitdiffstats
path: root/core/certmanager.lua
Commit message (Collapse)AuthorAgeFilesLines
* certmanager: Filter out curves not supported by LuaSecKim Alvefur2017-11-201-0/+12
|
* certmanager: Change table representing LuaSec capabilities to match ↵Kim Alvefur2017-11-201-13/+20
| | | | capabilities table exposed in LuaSec 0.7
* core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if ↵Kim Alvefur2017-09-271-0/+6
| | | | used along with luasec 0.7 and openssl 1.1
* prosodyctl: cert import: Reuse function from certmanager for locating ↵Kim Alvefur2017-09-271-0/+1
| | | | certificates and keys
* certmanager: Add debug logging (thanks av6)Matthew Wild2017-09-231-0/+4
|
* certmanager: Update the 'certificates' option after the config has been ↵Kim Alvefur2017-06-011-0/+1
| | | | reloaded (fixes #929)
* core.certmanager: Translate "no start line" to something friendlier (thanks ↵Kim Alvefur2016-11-261-0/+5
| | | | santiago)
* core.certmanager: Split cipher list into array with comments explaining each ↵Kim Alvefur2016-09-121-1/+10
| | | | part
* certmanager: Assume default config path of '.' (fixes prosodyctl check certs ↵Kim Alvefur2016-07-291-1/+1
| | | | when not installed)
* certmanager: Explicitly tonumber() version number segments before doing ↵Matthew Wild2016-03-261-1/+1
| | | | arithmetic and avoid relying on implicit coercion (thanks David Favro)
* certmanager: Localize tonumberMatthew Wild2016-02-181-1/+1
|
* certmanager: Try filename.key if certificate is set to a full filename ↵Kim Alvefur2016-02-051-3/+2
| | | | ending with .crt
* certmanager: Apply global ssl config later so certificate/key is not ↵Kim Alvefur2016-02-051-1/+1
| | | | overwritten by magic
* certmanager: Support new certificate configuration for non-XMPP services too ↵Matthew Wild2016-02-051-6/+23
| | | | (fixes #614)
* core.certmanager: Look for certificate and key in a few different placesKim Alvefur2016-02-031-0/+28
|
* core.certmanager: Remove non-string filenames (allows setting eg capath to ↵Kim Alvefur2015-10-111-0/+2
| | | | false to disable the built in default)
* core.*: Remove use of module() functionKim Alvefur2015-02-211-4/+7
|
* certmanager: Fix compat for MattJs old LuaSec forkKim Alvefur2015-02-051-1/+1
|
* certmanager: Fix previous commitKim Alvefur2015-02-051-1/+1
|
* certmanager: Limit certificate chain depth to 9Kim Alvefur2015-02-051-0/+1
|
* certmanager: Options that appear to be available since LuaSec 0.2Kim Alvefur2015-02-051-3/+3
|
* certmanager: Improve "detection" of features that depend on LuaSec versionKim Alvefur2015-02-051-11/+15
|
* certmanager: Add locals for ssl.context and ssl.x509Kim Alvefur2015-02-051-3/+5
|
* certmanager: Early return from the entire module if LuaSec is unavailableKim Alvefur2015-02-051-12/+18
|
* certmanager: Make global variable access explicitMatthew Wild2015-01-201-1/+1
|
* certmanager, mod_tls: Return final ssl config as third return value (fix for ↵Kim Alvefur2014-11-221-3/+1
| | | | c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren)
* certmanager: Return final ssl config along with ssl context on successKim Alvefur2014-11-191-1/+3
|
* core.certmanager: Make create_context() support an arbitrary number of ↵Kim Alvefur2014-07-031-3/+6
| | | | option sets, merging all
* core.certmanager: Use util.sslconfigKim Alvefur2014-07-031-71/+14
|
* core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import ↵Kim Alvefur2014-05-091-1/+1
| | | | from util.paths
* certmanager: Move ssl.protocol handling to after ssl.options is a table ↵Kim Alvefur2014-04-211-8/+9
| | | | (thanks Ralph)
* certmanager: Fix traceback if no global 'ssl' section set (thanks albert)Kim Alvefur2014-04-201-1/+3
|
* certmanager: Update ssl_compression when config is reloadedKim Alvefur2014-04-151-0/+3
|
* certmanager: Reformat core ssl defaultsKim Alvefur2014-04-151-9/+9
|
* certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older ↵Kim Alvefur2014-04-151-2/+13
| | | | protocols
* certmanager: Merge ssl.options, verify etc from core defaults and global ssl ↵Kim Alvefur2014-04-151-0/+29
| | | | settings with inheritance while allowing options to be disabled per virtualhost
* certmanager: Wrap long line and add commentKim Alvefur2014-04-141-1/+5
|
* certmanager: Concatenate cipher list if given as a tableKim Alvefur2014-04-141-0/+6
|
* certmanager: Allow non-server contexts to be without certificate and keyKim Alvefur2014-04-141-2/+4
|
* certmanager: Check for non-nil values instead of true-ish values, allows ↵Kim Alvefur2014-04-141-2/+3
| | | | removing defaults
* Merge 0.9->0.10Matthew Wild2013-11-211-1/+1
|\
| * certmanager: Further cipher string tweaking. Re-enable ciphers required for ↵Matthew Wild2013-11-211-1/+1
| | | | | | | | DSA and ECDH certs/keys.
| * Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the ↵Matthew Wild2013-11-121-1/+1
| | | | | | | | network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
* | Merge 0.9->0.10Matthew Wild2013-11-101-1/+1
|\|
| * certmanager: Update default cipher string to prefer forward-secrecy over ↵Matthew Wild2013-11-101-1/+1
| | | | | | | | cipher strength and to disable triple-DES (weaker and much slower than AES)
* | Merge 0.9->0.10Matthew Wild2013-11-091-1/+1
|\|
| * certmanager: Fix order of options, so that the dynamic option is at the end ↵Matthew Wild2013-11-091-1/+1
| | | | | | | | of the array
| * certmanager: Default to using the server's cipher preference order by ↵Matthew Wild2013-11-091-1/+1
| | | | | | | | default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones
* | Merge 0.9 -> 0.10Kim Alvefur2013-10-311-1/+1
|\|
| * certmanager: Disable SSLv3 by defaultKim Alvefur2013-10-311-1/+1
| |