aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_s2s_auth_certs.lua
Commit message (Collapse)AuthorAgeFilesLines
* mod_s2s_auth_certs: Validate certificates against secure SRV targetsKim Alvefur2022-12-221-0/+10
| | | | | | | Secure delegation or "Mini-DANE" As with the existing DANE support, only usable in one direction, client certificate authentication will fail if this is relied on.
* Revert unintentionally committed parts of 12bd40b8e105Kim Alvefur2022-12-211-10/+0
|
* mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits AdvertisementKim Alvefur2022-10-201-0/+10
| | | | Thanks MattJ
* net: isolate LuaSec-specificsJonas Schäfer2022-04-271-3/+3
| | | | | | | | | | | | | | For this, various accessor functions are now provided directly on the sockets, which reach down into the LuaSec implementation to obtain the information. While this may seem of little gain at first, it hides the implementation detail of the LuaSec+LuaSocket combination that the actual socket and the TLS layer are separate objects. The net gain here is that an alternative implementation does not have to emulate that specific implementation detail and "only" has to expose LuaSec-compatible data structures on the new functions.
* mod_s2s_auth_certs: Collect stats on validation results (for #975)Kim Alvefur2021-10-051-0/+4
|
* mod_s2s_auth_certs: Save chain validation errors for later useKim Alvefur2019-11-271-0/+1
|
* Remove COMPAT with temporary luasec forkKim Alvefur2019-08-251-3/+0
| | | | | The changes in the temporary fork were merged into mainline luasec ca 2013 and included in the 0.5 release in 2014.
* mod_s2s_auth_certs: Warn about lack of certificate (Mostly jabberd14 not ↵Kim Alvefur2014-08-291-29/+32
| | | | sending a client certificate)
* mod_s2s_auth_certs: Pick a logging function once and stick with itKim Alvefur2014-07-251-4/+5
|
* mod_s2s_auth_certs: Split PKIX based certificate checking from mod_s2s into ↵Kim Alvefur2014-07-251-0/+45
new plugin