Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | core.portmanager: Complete error message for SNI TLS context problems | Kim Alvefur | 2019-11-30 | 1 | -1/+1 | |
| | | ||||||
* | | core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI ↵ | Kim Alvefur | 2019-11-29 | 2 | -10/+6 | |
| | | | | | | | | support) | |||||
* | | core.portmanager: Don't set the first TLS context with a cert as main context | Kim Alvefur | 2019-11-29 | 1 | -4/+0 | |
| | | | | | | | | Don't think this works and it's apparently acceptable to require SNI these days. | |||||
* | | Merge 0.11->trunk | Kim Alvefur | 2019-11-23 | 11 | -63/+348 | |
|\ \ | |/ |/| | ||||||
| * | s2s: Allow passing a custom error for bouncing queued stanzas (#770) | Kim Alvefur | 2019-11-23 | 1 | -2/+2 | |
| | | | | | | | | Since stream errors and stanza errors are different | |||||
| * | core.sessionmanager: Require that client-requested resources pass strict ↵ | Kim Alvefur | 2019-11-02 | 1 | -1/+1 | |
| | | | | | | | | resourceprep | |||||
| * | core.configmanager: Handle nameprep validation errors | Kim Alvefur | 2019-11-02 | 1 | -2/+10 | |
| | | ||||||
| * | core.configmanager: Ensure Hosts are given names | Kim Alvefur | 2019-11-02 | 1 | -0/+6 | |
| | | | | | | | | Prevents traceback from nameprep(nil) | |||||
| * | core.sessionmanager: Fix traceback from passing nil to resourceprep | Kim Alvefur | 2019-11-02 | 1 | -1/+1 | |
| | | ||||||
| * | Backed out changeset 64ddcbc9a328 as it would prevent communicating with ↵ | Kim Alvefur | 2019-10-30 | 1 | -1/+1 | |
| | | | | | | | | valid remote JIDs that aren't valid under STRINGPREP / Unicode 3.2 | |||||
| * | core.stanza_router: Do strict jidprep on c2s | Kim Alvefur | 2019-09-09 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | | | Be conservative in what you let your clients send, be liberal in what you let in via s2s. Being strict on s2s leads to interop problems and poor experiences, ie users being ejected from MUCs if something invalid enters. By starting with tightening up input into the network, we may be able to gradually approach a point where no invalid JIDs are allowed. | |||||
| * | core.s2smanager: Fix traceback due to mixup with to/from | Kim Alvefur | 2019-10-05 | 1 | -1/+1 | |
| | | | | | | | | Forgot to swap to and from in 3123a13cf577 | |||||
| * | core.s2smanager: Remove bidi-enabled s2sin from outgoing routing table | Kim Alvefur | 2019-10-05 | 1 | -0/+3 | |
| | | | | | | | | Caused creation of new s2sout instead of proper bidi-enabled s2sin. | |||||
| * | core.modulemanager: Split lists across multiple lines for improved readability | Kim Alvefur | 2019-09-29 | 1 | -2/+18 | |
| | | | | | | | | Patches will also be easier to read. | |||||
| * | mod_s2s_bidi: Enables bi-directional streams via XEP-0288 | Kim Alvefur | 2019-09-08 | 1 | -1/+1 | |
| | | ||||||
| * | core.stanza_router: Handle s2s in more direction-agnostic way | Kim Alvefur | 2019-09-07 | 1 | -2/+2 | |
| | | ||||||
| * | core.s2smanager: Add map of names authenticate for remote on s2sout for ↵ | Kim Alvefur | 2019-09-07 | 1 | -0/+1 | |
| | | | | | | | | | | | | parity with s2sin Making s2sin and -out look more alike in preparation for bidi support | |||||
| * | core.s2smanager: Add [direction] boolean flags to s2s connections | Kim Alvefur | 2019-09-07 | 1 | -0/+2 | |
| | | | | | | | | This will allow representing connections that go both directions | |||||
| * | core.certmanager: Lower severity for tls config not having cert | Kim Alvefur | 2019-09-07 | 1 | -2/+4 | |
| | | | | | | | | | | | | | | This is needed for SNI where certificates are in separate per-hostname contexts, not the main one. If there is a cert, it will still require a corresponding key. | |||||
| * | core.certmanager: Remove unused import [luacheck] | Kim Alvefur | 2019-08-25 | 1 | -1/+0 | |
| | | ||||||
| * | Remove COMPAT with temporary luasec fork | Kim Alvefur | 2019-08-25 | 1 | -7/+0 | |
| | | | | | | | | | | The changes in the temporary fork were merged into mainline luasec ca 2013 and included in the 0.5 release in 2014. | |||||
| * | core.certmanager: Move EECDH ciphers before EDH in default cipherstring | Kim Alvefur | 2019-08-25 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params. MattJ says > Curves have won, and OpenSSL is less weird about them now | |||||
| * | core.moduleapi: Restructure send_iq method for more atomic cleanup | Kim Alvefur | 2019-08-21 | 1 | -16/+23 | |
| | | | | | | | | | | All cleanup in one spot instead of two, and at the end which fits with cleanup happening afterwards. | |||||
| * | core.moduleapi: Uppercase "IQ stanza" for consistency | Kim Alvefur | 2019-08-21 | 1 | -1/+1 | |
| | | | | | | | | It's written like that elsewhere in the send_iq method | |||||
| * | core.portmanager: Remove unused local [luacheck] | Kim Alvefur | 2019-07-30 | 1 | -1/+1 | |
| | | ||||||
| * | core.portmanager: Remove tostring call from logging | Kim Alvefur | 2019-07-30 | 1 | -1/+1 | |
| | | | | | | | | Taken care of by loggingmanager now | |||||
| * | core.sessionmanager: Remove tostring call from logging | Kim Alvefur | 2019-07-30 | 1 | -3/+3 | |
| | | | | | | | | Taken care of by loggingmanager now | |||||
| * | core.stanza_router: Remove tostring call from logging | Kim Alvefur | 2019-07-30 | 1 | -1/+1 | |
| | | | | | | | | Taken care of by loggingmanager now | |||||
| * | core.s2smanager: Rewrite log line to use formatting instead of concatenation | Kim Alvefur | 2019-07-30 | 1 | -5/+3 | |
| | | | | | | | | | | Makes it more in line with logging elsewhere. Potentially avoids or at least delays creation of new string. | |||||
| * | core.s2smanager: Remove use of tostring in logging | Kim Alvefur | 2019-07-29 | 1 | -2/+2 | |
| | | | | | | | | This is now performed by loggingmanager | |||||
| * | core/sessionmanager: Remove unnecessary fallback in make_authenticated | Maxime “pep” Buquet | 2019-06-01 | 1 | -1/+1 | |
| | | ||||||
| * | Merge 0.11->trunk | Kim Alvefur | 2019-04-24 | 1 | -1/+1 | |
| |\ | ||||||
| * | | core.s2smanager: Fix previous commit (Thanks Martin) | Kim Alvefur | 2019-03-30 | 1 | -1/+1 | |
| | | | ||||||
| * | | core.sessionmanager: Use util.session to create sessions | Kim Alvefur | 2019-03-29 | 1 | -1/+7 | |
| | | | ||||||
| * | | core.s2smanager: Use util.session to create sessions | Kim Alvefur | 2019-03-29 | 1 | -17/+15 | |
| | | | ||||||
| * | | core.s2smanager: Spread out session tables over multiple lines | Kim Alvefur | 2019-03-29 | 1 | -3/+14 | |
| | | | | | | | | | | | | Improves readability | |||||
| * | | core.s2smanager: Rename variable to be same in two functions | Kim Alvefur | 2019-03-29 | 1 | -4/+4 | |
| | | | ||||||
| * | | moduleapi: Log suppressed status priority and message when not overriding | Matthew Wild | 2019-03-26 | 1 | -1/+1 | |
| | | | ||||||
| * | | moduleapi: Remove overly-verbose debug logging on module status change | Matthew Wild | 2019-03-26 | 1 | -1/+0 | |
| | | | ||||||
| * | | loggingmanager, mod_posix: Move syslog to core, fixes #541 (in a way) | Matthew Wild | 2019-03-26 | 1 | -0/+19 | |
| | | | ||||||
| * | | Backed out changeset 3eea63a68e0f | Matthew Wild | 2019-03-26 | 1 | -20/+1 | |
| | | | | | | | | | | | | Commit included intended changes to loggingmanager | |||||
| * | | sessionmanager: Split byte-level sending into separate session.rawsend | Kim Alvefur | 2019-03-24 | 1 | -8/+14 | |
| | | | ||||||
| * | | util.queue: Update :items() to consistently use private data directly | Matthew Wild | 2019-03-23 | 1 | -1/+20 | |
| | | | | | | | | | | | | | | | It will perform better this way, and we were accessing private variables already within the iterator. | |||||
| * | | configmanager: Pass through warnings from included files | Matthew Wild | 2019-03-20 | 1 | -2/+7 | |
| | | | ||||||
| * | | configmanager: Emit warning for duplicated config options | Matthew Wild | 2019-03-20 | 1 | -0/+16 | |
| | | | ||||||
| * | | configmanager: Add support for returning warnings | Matthew Wild | 2019-03-20 | 1 | -2/+3 | |
| | | | ||||||
| * | | modulemanager: Set module status on successful or failed module load | Matthew Wild | 2019-03-19 | 1 | -0/+5 | |
| | | | ||||||
| * | | moduleapi: New API for modules to set a status | Matthew Wild | 2019-03-19 | 1 | -0/+31 | |
| | | | ||||||
| * | | core.certmanager: Do not ask for client certificates by default | Kim Alvefur | 2019-03-10 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it. | |||||
| * | | core.portmanager: Collect per-host certificates for SNI | Kim Alvefur | 2018-09-14 | 1 | -0/+41 | |
| | | |