aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_s2s
Commit message (Collapse)AuthorAgeFilesLines
* mod_s2s: Refactor stream error handling on closeKim Alvefur2019-12-011-19/+14
| | | | | | Deduplicates the 3 log calls that log the same thing but subtly differently. The first one would say "Disconnecting localhost" and the last one didn't log the IP.
* mod_s2s: Use stanza type check instead of duck typingKim Alvefur2019-12-011-1/+1
|
* mod_s2s: Improve TLS handshake error messagesKim Alvefur2019-12-011-0/+4
| | | | | | This should make it clearer that it's about the TLS handshake. Otherwise it's something like "unsupported protocol" or "no shared ciphers" that might not be that obvious.
* mod_s2s: Log from session loggerKim Alvefur2019-11-301-1/+1
| | | | Helps locating all messages related to a specific session
* mod_s2s: Improve log message about forbidding insecure connectionsKim Alvefur2019-11-301-1/+1
| | | | This new wording generator is nice.
* mod_net_multiplex: Add support for using ALPNKim Alvefur2019-11-291-0/+1
| | | | | | | Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose.
* mod_s2s: Prevent unhandled stanza handler from complaining about stream ↵Kim Alvefur2019-11-291-2/+2
| | | | | | features on aborted connections I have no idea why I wrote return false in e5945fb5b71f
* mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfiedKim Alvefur2019-11-281-0/+7
| | | | | This ensures the closure reason is accurate and not reported as an authentication or other problem
* mod_s2s: Send stream errors for cert problems on outgoing connectionsKim Alvefur2019-11-281-6/+7
| | | | Rationale in comment.
* mod_s2s: Improve error in bounces due to cert validation problemsKim Alvefur2019-11-271-3/+24
|
* mod_s2s: Add error text for error replies on some s2s failures (#770)Kim Alvefur2019-11-231-5/+6
|
* s2s: Allow passing a custom error for bouncing queued stanzas (#770)Kim Alvefur2019-11-231-3/+3
| | | | Since stream errors and stanza errors are different
* mod_s2s: Wait for remote to close any connection allowing incoming stanzasKim Alvefur2019-11-181-1/+1
| | | | Ie both s2sin and bidi-enabled s2sout.
* mod_s2s: Allow passing bounce reason as an util.error object (see #770)Kim Alvefur2019-11-081-2/+9
| | | | This argument is currently unused in s2smanager.
* mod_s2s: Only nameprep stream to/from addresses if they are presentKim Alvefur2019-11-021-1/+3
| | | | Prevents traceback from nameprep(nil)
* mod_s2s: Close with a stream error in case neither SASL or Dialback are ↵Kim Alvefur2019-10-061-1/+4
| | | | | | | available This both tells the remote server and users who sent any queued stanzas why it failed.
* mod_s2s: Remove warning about hostname mismatchKim Alvefur2019-09-071-5/+0
| | | | | | It triggers on bidi-related routing where this to/from is flipped. Removing since I don't think we have ever seen this potential bug.
* mod_s2s: Insert s2sin into outgoing routing table when bidirectionalKim Alvefur2019-09-071-0/+4
|
* mod_s2s: Add function to send replies on s2sout connections that support ↵Kim Alvefur2019-09-071-0/+7
| | | | incoming traffic
* mod_s2s: Handle authentication of s2sin and s2sout the same wayKim Alvefur2019-09-071-7/+5
|
* mod_s2s: Remove obsolete cleanup codeKim Alvefur2019-09-071-7/+0
| | | | These were added by s2sout.lib
* Remove COMPAT with temporary luasec forkKim Alvefur2019-08-251-1/+0
| | | | | The changes in the temporary fork were merged into mainline luasec ca 2013 and included in the 0.5 release in 2014.
* mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connectionsKim Alvefur2018-11-102-364/+23
|
* mod_s2s: Distinguish between high and low level errors in bouncesKim Alvefur2019-08-011-2/+10
| | | | | | | | | | | | `remote-server-not-found` is reported for problems occurring without a reply `<stream>` having been opened, e.g. DNS records were not found or no TCP stream could be established to a functioning XMPP entity. `remote-server-timeout` is reported for problems that occurring after a stream has been opened, such as configuration problems, inability to perform TLS or unsuccessful certificate validation. Related: #770
* plugins: Remove tostring call from loggingKim Alvefur2019-07-301-3/+3
| | | | | | Taken care of by loggingmanager now Mass-rewrite using lua pattern like `tostring%b()`
* mod_s2s: Set warning status if not listening on any portsMatthew Wild2019-03-191-1/+1
|
* mod_tls: Restore querying for certificates on s2sKim Alvefur2019-03-111-1/+1
| | | | | The 'ssl_config' setting in the mod_s2s network service is not used. Only direct TLS ports use this currently.
* core.certmanager: Do not ask for client certificates by defaultKim Alvefur2019-03-101-0/+3
| | | | | | Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it.
* mod_c2s, mod_s2s, mod_component: Log invalid XML escaped (fixes #734)Kim Alvefur2019-01-151-2/+1
| | | | See 6ed0d6224d64
* mod_s2s: Indicate origin of s2s errorKim Alvefur2018-10-081-1/+1
|
* mod_s2s: Fix previous commitKim Alvefur2018-09-301-1/+1
|
* mod_s2s: Silence luacheck warnings in s2sout moduleKim Alvefur2018-09-301-1/+3
|
* mod_s2s: Silence all warnings instead of ignoring the entire moduleKim Alvefur2018-09-301-6/+13
|
* sessionmanager, mod_s2s: Bring debug line for outgoing stanzas in line with ↵Kim Alvefur2018-07-241-1/+1
| | | | that for incoming
* mod_s2s: Reduce logging (#776)Kim Alvefur2018-07-221-2/+0
|
* Merge 0.10->trunkKim Alvefur2018-06-221-0/+3
|\
| * mod_s2s: Close sockets held by resolver (#1170)Kim Alvefur2018-06-171-0/+3
| |
* | mod_s2s: Use session logger to ease debuggingKim Alvefur2018-06-141-1/+6
| |
* | mod_s2s: Log a message before trying the next SRV recordKim Alvefur2018-06-141-0/+1
| | | | | | | | This was the only spot where it did `ip_hosts = nil` without logging
* | Merge 0.10->trunkKim Alvefur2018-06-091-1/+1
|\|
| * mod_s2s: Fix DNS timeout setting for per-session resolvers (fixes #1167)Kim Alvefur2018-06-091-1/+1
| |
* | mod_s2s: Add setting for overriding DNS resolvers (and avoid reading ↵Kim Alvefur2018-06-031-0/+6
| | | | | | | | /etc/resolv.conf every time)
* | mod_s2s: Add a counter for IPv6.Emmanuel Gil Peyrot2017-09-091-1/+7
| |
* | mod_s2s: Don't use string concatenation when passing values to loggingKim Alvefur2018-02-251-1/+1
| |
* | mod_s2s: Remove tostring() in logging since this is handled by util.format nowKim Alvefur2017-12-212-11/+11
| |
* | mod_s2s: Restructure some codeKim Alvefur2017-12-051-2/+9
| |
* | mod_s2s: Remove unused argument [luacheck]Kim Alvefur2017-12-051-1/+1
| |
* | mod_s2s: Remove unused local [luacheck]Kim Alvefur2017-12-051-1/+1
| |
* | Merge 0.10->trunkMatthew Wild2017-09-262-5/+7
|\|
| * mod_s2s: Use a separate resolver object for each outgoing sessionMatthew Wild2017-09-252-5/+7
| | | | | | | | | | | | | | | | Cleaner approach hopefully fixes problems with some peoples' DNS hanging after a while, failed DNS when a large number of queries are made at once, and source port re-use. Related issues: #487, 761, #991, #992, #1001