Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
| * | core.certmanager: Look for privkey.pem to go with fullchain.pem (fix #1526) | Kim Alvefur | 2020-04-10 | 1 | -6/+8 | |
| | | | | | | | | | | | | | | This makes `prosodyctl cert import example.com /path/to/example.com/fullchain.pem` work. This was never intended to, yet users commonly tried this and got problems. | |||||
| * | core.rostermanager: Cache rosters of offline users for faster access (fixes ↵ | Kim Alvefur | 2018-12-16 | 1 | -0/+22 | |
| | | | | | | | | | | | | #1233) (grafted from 42a3e3a2824822cef7640ac56d182c59bdd4224e) | |||||
* | | moduleapi: Rename argument to silence luacheck | Kim Alvefur | 2020-04-01 | 1 | -2/+2 | |
| | | ||||||
* | | moduleapi: Fix handling of replies to :send_iq from internal modules | Kim Alvefur | 2020-03-22 | 1 | -1/+10 | |
| | | | | | | | | | | Unclear exactly why, but replies to some queries to local modules would be discarded by stanza_router. This appears to fix it. | |||||
* | | usermanager: Fix traceback when checking admin status of host-only JIDs ↵ | Matthew Wild | 2020-03-19 | 1 | -1/+1 | |
| | | | | | | | | (fixes #1508) | |||||
* | | storagemanager, mod_storage_sql: Rename methods to :get_all() and :delete_all() | Matthew Wild | 2020-03-11 | 1 | -4/+4 | |
| | | ||||||
* | | storagemanager: Add support for :find_key() and :delete_key() to map store shim | Matthew Wild | 2020-03-11 | 1 | -0/+33 | |
| | | ||||||
* | | usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into ↵ | Matthew Wild | 2020-02-23 | 1 | -1/+1 | |
| | | | | | | | | the latter | |||||
* | | stanza_router: only fire pre-stanza if firing other preevents (e.g. for c2s ↵ | Matthew Wild | 2020-02-05 | 1 | -6/+6 | |
| | | | | | | | | sessions) | |||||
* | | sessionmanager: Support passing an auth scope to make_authenticated | Matthew Wild | 2020-02-05 | 1 | -1/+2 | |
| | | ||||||
* | | portmanager: Don't auto-start network services under prosodyctl | Matthew Wild | 2020-02-05 | 1 | -1/+1 | |
| | | ||||||
* | | usermanager: Add get_roles() function | Matthew Wild | 2020-02-05 | 1 | -1/+7 | |
| | | ||||||
* | | stanza_router: Add once-per-routed-stanza event, pre-stanza | Matthew Wild | 2020-02-05 | 1 | -1/+8 | |
| | | ||||||
* | | mod_authz_internal, usermanager: Rename to mod_authz_config | Matthew Wild | 2020-01-27 | 1 | -1/+1 | |
| | | ||||||
* | | usermanager: Load authz providers on components also | Matthew Wild | 2020-01-27 | 1 | -4/+6 | |
| | | ||||||
* | | usermanager, mod_authz_internal: Move admin-checking functionality into a ↵ | Matthew Wild | 2020-01-27 | 1 | -30/+32 | |
| | | | | | | | | | | | | | | module. Fixes #517 (ish). Note: Removes the ability for mod_auth_* providers to determine user admin status. Such modules will need to have their is_admin methods ported to be a mod_authz_* provider. | |||||
* | | core.moduleapi: Hook correct event type in some cases | Kim Alvefur | 2020-01-16 | 1 | -1/+2 | |
| | | | | | | | | | | In rare cases, module.host can be a bare JID, in which case this test did the wrong thing. | |||||
* | | core.moduleapi: Rename local name for util.error for consistency | Kim Alvefur | 2019-12-30 | 1 | -6/+6 | |
| | | | | | | | | It's called 'errors' everywhere else except here. | |||||
* | | core.moduleapi: Fix error context in :send_iq API | Kim Alvefur | 2019-12-30 | 1 | -1/+1 | |
| | | | | | | | | | | It got passed as argument to reject() instead of the util.error function and was lost. | |||||
* | | core.statsmanager: Ignore unused variable [luacheck] | Kim Alvefur | 2019-12-23 | 1 | -0/+1 | |
| | | ||||||
* | | core.portmanager: Ignore unused return variable [luacheck] | Kim Alvefur | 2019-12-23 | 1 | -0/+1 | |
| | | ||||||
* | | core.modulemanager: Silence warning about unused err variable [luacheck] | Kim Alvefur | 2019-12-20 | 1 | -1/+2 | |
| | | ||||||
* | | core.stanza_router: Silence warning about unused err_message [luacheck] | Kim Alvefur | 2019-12-20 | 1 | -1/+1 | |
| | | ||||||
* | | core.stanza_router: Extract host part of JIDs directly [luacheck] | Kim Alvefur | 2019-12-20 | 1 | -3/+4 | |
| | | | | | | | | Silences warning about unused return values | |||||
* | | rostermanager, mod_presence: Support for subscription preapproval (fixes #686) | Matthew Wild | 2019-12-19 | 1 | -3/+20 | |
| | | ||||||
* | | core.portmanager: Complete error message for SNI TLS context problems | Kim Alvefur | 2019-11-30 | 1 | -1/+1 | |
| | | ||||||
* | | core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI ↵ | Kim Alvefur | 2019-11-29 | 2 | -10/+6 | |
| | | | | | | | | support) | |||||
* | | core.portmanager: Don't set the first TLS context with a cert as main context | Kim Alvefur | 2019-11-29 | 1 | -4/+0 | |
| | | | | | | | | Don't think this works and it's apparently acceptable to require SNI these days. | |||||
* | | Merge 0.11->trunk | Kim Alvefur | 2019-11-23 | 11 | -63/+348 | |
|\ \ | |/ |/| | ||||||
| * | s2s: Allow passing a custom error for bouncing queued stanzas (#770) | Kim Alvefur | 2019-11-23 | 1 | -2/+2 | |
| | | | | | | | | Since stream errors and stanza errors are different | |||||
| * | core.sessionmanager: Require that client-requested resources pass strict ↵ | Kim Alvefur | 2019-11-02 | 1 | -1/+1 | |
| | | | | | | | | resourceprep | |||||
| * | core.configmanager: Handle nameprep validation errors | Kim Alvefur | 2019-11-02 | 1 | -2/+10 | |
| | | ||||||
| * | core.configmanager: Ensure Hosts are given names | Kim Alvefur | 2019-11-02 | 1 | -0/+6 | |
| | | | | | | | | Prevents traceback from nameprep(nil) | |||||
| * | core.sessionmanager: Fix traceback from passing nil to resourceprep | Kim Alvefur | 2019-11-02 | 1 | -1/+1 | |
| | | ||||||
| * | Backed out changeset 64ddcbc9a328 as it would prevent communicating with ↵ | Kim Alvefur | 2019-10-30 | 1 | -1/+1 | |
| | | | | | | | | valid remote JIDs that aren't valid under STRINGPREP / Unicode 3.2 | |||||
| * | core.stanza_router: Do strict jidprep on c2s | Kim Alvefur | 2019-09-09 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | | | Be conservative in what you let your clients send, be liberal in what you let in via s2s. Being strict on s2s leads to interop problems and poor experiences, ie users being ejected from MUCs if something invalid enters. By starting with tightening up input into the network, we may be able to gradually approach a point where no invalid JIDs are allowed. | |||||
| * | core.s2smanager: Fix traceback due to mixup with to/from | Kim Alvefur | 2019-10-05 | 1 | -1/+1 | |
| | | | | | | | | Forgot to swap to and from in 3123a13cf577 | |||||
| * | core.s2smanager: Remove bidi-enabled s2sin from outgoing routing table | Kim Alvefur | 2019-10-05 | 1 | -0/+3 | |
| | | | | | | | | Caused creation of new s2sout instead of proper bidi-enabled s2sin. | |||||
| * | core.modulemanager: Split lists across multiple lines for improved readability | Kim Alvefur | 2019-09-29 | 1 | -2/+18 | |
| | | | | | | | | Patches will also be easier to read. | |||||
| * | mod_s2s_bidi: Enables bi-directional streams via XEP-0288 | Kim Alvefur | 2019-09-08 | 1 | -1/+1 | |
| | | ||||||
| * | core.stanza_router: Handle s2s in more direction-agnostic way | Kim Alvefur | 2019-09-07 | 1 | -2/+2 | |
| | | ||||||
| * | core.s2smanager: Add map of names authenticate for remote on s2sout for ↵ | Kim Alvefur | 2019-09-07 | 1 | -0/+1 | |
| | | | | | | | | | | | | parity with s2sin Making s2sin and -out look more alike in preparation for bidi support | |||||
| * | core.s2smanager: Add [direction] boolean flags to s2s connections | Kim Alvefur | 2019-09-07 | 1 | -0/+2 | |
| | | | | | | | | This will allow representing connections that go both directions | |||||
| * | core.certmanager: Lower severity for tls config not having cert | Kim Alvefur | 2019-09-07 | 1 | -2/+4 | |
| | | | | | | | | | | | | | | This is needed for SNI where certificates are in separate per-hostname contexts, not the main one. If there is a cert, it will still require a corresponding key. | |||||
| * | core.certmanager: Remove unused import [luacheck] | Kim Alvefur | 2019-08-25 | 1 | -1/+0 | |
| | | ||||||
| * | Remove COMPAT with temporary luasec fork | Kim Alvefur | 2019-08-25 | 1 | -7/+0 | |
| | | | | | | | | | | The changes in the temporary fork were merged into mainline luasec ca 2013 and included in the 0.5 release in 2014. | |||||
| * | core.certmanager: Move EECDH ciphers before EDH in default cipherstring | Kim Alvefur | 2019-08-25 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params. MattJ says > Curves have won, and OpenSSL is less weird about them now | |||||
| * | core.moduleapi: Restructure send_iq method for more atomic cleanup | Kim Alvefur | 2019-08-21 | 1 | -16/+23 | |
| | | | | | | | | | | All cleanup in one spot instead of two, and at the end which fits with cleanup happening afterwards. | |||||
| * | core.moduleapi: Uppercase "IQ stanza" for consistency | Kim Alvefur | 2019-08-21 | 1 | -1/+1 | |
| | | | | | | | | It's written like that elsewhere in the send_iq method | |||||
| * | core.portmanager: Remove unused local [luacheck] | Kim Alvefur | 2019-07-30 | 1 | -1/+1 | |
| | |