path: root/core
Commit message [Author, Age, Files, Lines]
* core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support) [Kim Alvefur, 2019-11-29, 2 files, -10/+6]
* core.portmanager: Don't set the first TLS context with a cert as main context [Kim Alvefur, 2019-11-29, 1 file, -4/+0]
|   Don't think this works and it's apparently acceptable to require SNI these days.
* Merge 0.11->trunk [Kim Alvefur, 2019-11-23, 11 files, -63/+348]
|\
| * s2s: Allow passing a custom error for bouncing queued stanzas (#770) [Kim Alvefur, 2019-11-23, 1 file, -2/+2]
| |   Since stream errors and stanza errors are different
| * core.sessionmanager: Require that client-requested resources pass strict resourceprep [Kim Alvefur, 2019-11-02, 1 file, -1/+1]
| * core.configmanager: Handle nameprep validation errors [Kim Alvefur, 2019-11-02, 1 file, -2/+10]
| |
| * core.configmanager: Ensure Hosts are given names [Kim Alvefur, 2019-11-02, 1 file, -0/+6]
| |   Prevents traceback from nameprep(nil)
| * core.sessionmanager: Fix traceback from passing nil to resourceprep [Kim Alvefur, 2019-11-02, 1 file, -1/+1]
| |
| * Backed out changeset 64ddcbc9a328 as it would prevent communicating with valid remote JIDs that aren't valid under STRINGPREP / Unicode 3.2 [Kim Alvefur, 2019-10-30, 1 file, -1/+1]
| * core.stanza_router: Do strict jidprep on c2s [Kim Alvefur, 2019-09-09, 1 file, -1/+1]
| |   Be conservative in what you let your clients send, be liberal in what you let in via s2s. Being strict on s2s leads to interop problems and poor experiences, ie users being ejected from MUCs if something invalid enters. By starting with tightening up input into the network, we may be able to gradually approach a point where no invalid JIDs are allowed.
| * core.s2smanager: Fix traceback due to mixup with to/from [Kim Alvefur, 2019-10-05, 1 file, -1/+1]
| |   Forgot to swap to and from in 3123a13cf577
| * core.s2smanager: Remove bidi-enabled s2sin from outgoing routing table [Kim Alvefur, 2019-10-05, 1 file, -0/+3]
| |   Caused creation of new s2sout instead of proper bidi-enabled s2sin.
| * core.modulemanager: Split lists across multiple lines for improved readability [Kim Alvefur, 2019-09-29, 1 file, -2/+18]
| |   Patches will also be easier to read.
| * mod_s2s_bidi: Enables bi-directional streams via XEP-0288 [Kim Alvefur, 2019-09-08, 1 file, -1/+1]
| |
| * core.stanza_router: Handle s2s in more direction-agnostic way [Kim Alvefur, 2019-09-07, 1 file, -2/+2]
| |
| * core.s2smanager: Add map of names authenticate for remote on s2sout for parity with s2sin [Kim Alvefur, 2019-09-07, 1 file, -0/+1]
| |   Making s2sin and -out look more alike in preparation for bidi support
| * core.s2smanager: Add [direction] boolean flags to s2s connections [Kim Alvefur, 2019-09-07, 1 file, -0/+2]
| |   This will allow representing connections that go both directions
| * core.certmanager: Lower severity for tls config not having cert [Kim Alvefur, 2019-09-07, 1 file, -2/+4]
| |   This is needed for SNI where certificates are in separate per-hostname contexts, not the main one. If there is a cert, it will still require a corresponding key.
| * core.certmanager: Remove unused import [luacheck] [Kim Alvefur, 2019-08-25, 1 file, -1/+0]
| |
| * Remove COMPAT with temporary luasec fork [Kim Alvefur, 2019-08-25, 1 file, -7/+0]
| |   The changes in the temporary fork were merged into mainline luasec ca 2013 and included in the 0.5 release in 2014.
| * core.certmanager: Move EECDH ciphers before EDH in default cipherstring [Kim Alvefur, 2019-08-25, 1 file, -1/+1]
| |   The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params.
| |   MattJ says
| |   > Curves have won, and OpenSSL is less weird about them now
| * core.moduleapi: Restructure send_iq method for more atomic cleanup [Kim Alvefur, 2019-08-21, 1 file, -16/+23]
| |   All cleanup in one spot instead of two, and at the end which fits with cleanup happening afterwards.
| * core.moduleapi: Uppercase "IQ stanza" for consistency [Kim Alvefur, 2019-08-21, 1 file, -1/+1]
| |   It's written like that elsewhere in the send_iq method
| * core.portmanager: Remove unused local [luacheck] [Kim Alvefur, 2019-07-30, 1 file, -1/+1]
| |
| * core.portmanager: Remove tostring call from logging [Kim Alvefur, 2019-07-30, 1 file, -1/+1]
| |   Taken care of by loggingmanager now
| * core.sessionmanager: Remove tostring call from logging [Kim Alvefur, 2019-07-30, 1 file, -3/+3]
| |   Taken care of by loggingmanager now
| * core.stanza_router: Remove tostring call from logging [Kim Alvefur, 2019-07-30, 1 file, -1/+1]
| |   Taken care of by loggingmanager now
| * core.s2smanager: Rewrite log line to use formatting instead of concatenation [Kim Alvefur, 2019-07-30, 1 file, -5/+3]
| |   Makes it more in line with logging elsewhere. Potentially avoids or at least delays creation of new string.
| * core.s2smanager: Remove use of tostring in logging [Kim Alvefur, 2019-07-29, 1 file, -2/+2]
| |   This is now performed by loggingmanager
| * core/sessionmanager: Remove unnecessary fallback in make_authenticated [Maxime “pep” Buquet, 2019-06-01, 1 file, -1/+1]
| |
| * Merge 0.11->trunk [Kim Alvefur, 2019-04-24, 1 file, -1/+1]
| |\
| * | core.s2smanager: Fix previous commit (Thanks Martin) [Kim Alvefur, 2019-03-30, 1 file, -1/+1]
| | |
| * | core.sessionmanager: Use util.session to create sessions [Kim Alvefur, 2019-03-29, 1 file, -1/+7]
| | |
| * | core.s2smanager: Use util.session to create sessions [Kim Alvefur, 2019-03-29, 1 file, -17/+15]
| | |
| * | core.s2smanager: Spread out session tables over multiple lines [Kim Alvefur, 2019-03-29, 1 file, -3/+14]
| | |   Improves readability
| * | core.s2smanager: Rename variable to be same in two functions [Kim Alvefur, 2019-03-29, 1 file, -4/+4]
| | |
| * | moduleapi: Log suppressed status priority and message when not overriding [Matthew Wild, 2019-03-26, 1 file, -1/+1]
| | |
| * | moduleapi: Remove overly-verbose debug logging on module status change [Matthew Wild, 2019-03-26, 1 file, -1/+0]
| | |
| * | loggingmanager, mod_posix: Move syslog to core, fixes #541 (in a way) [Matthew Wild, 2019-03-26, 1 file, -0/+19]
| | |
| * | Backed out changeset 3eea63a68e0f [Matthew Wild, 2019-03-26, 1 file, -20/+1]
| | |   Commit included intended changes to loggingmanager
| * | sessionmanager: Split byte-level sending into separate session.rawsend [Kim Alvefur, 2019-03-24, 1 file, -8/+14]
| | |
| * | util.queue: Update :items() to consistently use private data directly [Matthew Wild, 2019-03-23, 1 file, -1/+20]
| | |   It will perform better this way, and we were accessing private variables already within the iterator.
| * | configmanager: Pass through warnings from included files [Matthew Wild, 2019-03-20, 1 file, -2/+7]
| | |
| * | configmanager: Emit warning for duplicated config options [Matthew Wild, 2019-03-20, 1 file, -0/+16]
| | |
| * | configmanager: Add support for returning warnings [Matthew Wild, 2019-03-20, 1 file, -2/+3]
| | |
| * | modulemanager: Set module status on successful or failed module load [Matthew Wild, 2019-03-19, 1 file, -0/+5]
| | |
| * | moduleapi: New API for modules to set a status [Matthew Wild, 2019-03-19, 1 file, -0/+31]
| | |
| * | core.certmanager: Do not ask for client certificates by default [Kim Alvefur, 2019-03-10, 1 file, -1/+1]
| | |   Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it.
| * | core.portmanager: Collect per-host certificates for SNI [Kim Alvefur, 2018-09-14, 1 file, -0/+41]
| | |
| * | core.portmanager: Record TLS config for each port [Kim Alvefur, 2018-10-10, 1 file, -2/+4]
| | |