path: root/plugins/mod_tls.lua
Commit log, newest first. Each entry: message (author, date; files changed, lines removed/added). Indented entries are commits brought in by the merge listed above them.
* various: Require encryption by default for real (Kim Alvefur, 2021-12-25; 1 file, -2/+2)
  These options have been specified (and enabled) in the default config file for a long time. However, if unspecified in the config, they were not enabled. Now they are. This may result in a change of behaviour for people using very old config files that lack the require_encryption options. But that's what we want.
* mod_tls: Set ALPN on outgoing connections (Kim Alvefur, 2022-01-25; 1 file, -1/+2)
  Relevant and sometimes needed for Direct TLS, which mod_s2s uses this context for, primarily when e.g. mod_net_multiplex or equivalent ALPN-based dispatch is used. All these contexts should likely move away from mod_tls and into either mod_s2s or portmanager. The latter already duplicates some of this work.
* mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls (Kim Alvefur, 2022-01-21; 1 file, -1/+6)
  So that the same TLS context is used for both Direct TLS and STARTTLS, since they are supposed to be functionally identical apart from the few extra round trips. A new event is added because the 's2s-created' event fires much later, after a connection has already been established, where we need the TLS context before that.
* mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connections (Kim Alvefur, 2021-09-01; 1 file, -0/+8)
  As suggested by RFC 7590.
* Fix various spelling errors (thanks codespell) (Kim Alvefur, 2021-07-27; 1 file, -1/+1)
  Also special thanks to timeless, for wordlessly reminding me to check for typos.
* mod_tls: Add "support" for <failure> by closing gracefully (Kim Alvefur, 2021-05-21; 1 file, -0/+6)
  Nicer than the "unsupported stanza type" error we get otherwise.
* mod_tls: Fix order of debug messages and tls context creation (Kim Alvefur, 2021-05-05; 1 file, -2/+2)
  Originally added in 5b048ccd106f. Merged wrong in ca01c449357f.
* mod_tls: Bail out if session got destroyed while sending <proceed/> (Kim Alvefur, 2021-04-15; 1 file, -0/+1)
  Can happen in case opportunistic_writes is enabled and the session got destroyed while writing that tag. Thanks Ge0rG.
* mod_tls: Ignore lack of STARTTLS offer only when s2s_require_encryption set (Kim Alvefur, 2021-01-29; 1 file, -1/+4)
* mod_tls: Attempt STARTTLS even if not advertised as per RFC 7590 (Kim Alvefur, 2021-01-29; 1 file, -2/+6)
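The decision these two 2021-01-29 entries (and the later 2017-01 entries about the starttls method, ssl_ctx and <proceed/> on outgoing s2s) describe, written out as an added example. This is not Prosody's own mod_tls code; the session fields (type, secure, conn, ssl_ctx), the parsed feature list and the opts table are assumptions made for the example, and the reading of "ignore lack of STARTTLS offer only when s2s_require_encryption set" as "attempt it unadvertised only when encryption is required" is this example's interpretation of the log.

```lua
-- Added example, not Prosody's own mod_tls code: should an outgoing s2s
-- stream send <starttls/>? Modelled on the behaviour the log entries describe.
-- The session fields, feature list and opts table are assumptions.

-- features: names of the child elements seen in <stream:features/>.
local function stream_offers_starttls(features)
	for _, name in ipairs(features) do
		if name == "starttls" then return true end
	end
	return false
end

-- Returns true when <starttls/> should be sent; otherwise false and a reason.
local function should_attempt_starttls(session, features, opts)
	-- Only the initiating side of an unauthenticated s2s stream sends
	-- <starttls/>, and only that side should accept a <proceed/> in reply.
	if session.type ~= "s2sout_unauthed" then
		return false, "not an outgoing unauthenticated s2s stream"
	end
	-- Never offer STARTTLS over a connection that is already encrypted.
	if session.secure then
		return false, "already encrypted"
	end
	-- The transport must be able to upgrade, and a TLS context must exist;
	-- ssl_ctx == false is treated as "TLS disabled for this host".
	if not (session.conn and session.conn.starttls) then
		return false, "connection has no starttls method"
	end
	if not session.ssl_ctx then
		return false, "no TLS context for this host"
	end
	if stream_offers_starttls(features) then
		return true
	end
	-- Not advertised (the feature may have been stripped in transit): the log
	-- entries cite RFC 7590 for attempting anyway; this example does so only
	-- when encryption is required.
	if opts.s2s_require_encryption then
		return true
	end
	return false, "remote did not offer starttls and encryption is not required"
end

-- Constructed sessions for demonstration.
local conn = { starttls = function() return true end }
local session = { type = "s2sout_unauthed", secure = false, conn = conn, ssl_ctx = {} }

assert(should_attempt_starttls(session, { "starttls", "dialback" }, {}))
assert(not should_attempt_starttls(session, { "dialback" }, {}))
assert(should_attempt_starttls(session, { "dialback" }, { s2s_require_encryption = true }))

session.secure = true
assert(not should_attempt_starttls(session, { "starttls" }, {}))

session.secure = false; session.ssl_ctx = false
assert(not should_attempt_starttls(session, { "starttls" }, {}))
print("ok")
```

The ordering of the checks matters: the "already encrypted" test comes before anything that could emit <starttls/>, which is the "never offer starttls over tls" point the 2017-01-27 entry fixes, and a missing feature is only overridden when the operator has said encryption is mandatory, so an unencrypted fallback is never silently taken on a host that requires TLS.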
* Merge 0.11->trunk (Kim Alvefur, 2020-04-26; 1 file, -1/+7)
  * mod_tls: Log when certificates are (re)loaded (Kim Alvefur, 2020-04-26; 1 file, -1/+7)
    Meant to reduce user confusion over what's reloaded and not.
* Merge 0.11->trunk (Kim Alvefur, 2019-04-24; 1 file, -0/+3)
  * mod_tls: Log debug message for each kind of TLS context created (Kim Alvefur, 2019-04-23; 1 file, -0/+3)
    Creating TLS contexts triggers a lot of messages from certmanager that don't really describe their purpose. This is meant to provide hints about that.
* mod_tls: Restore querying for certificates on s2s (Kim Alvefur, 2019-03-11; 1 file, -2/+6)
  The 'ssl_config' setting in the mod_s2s network service is not used. Only direct TLS ports use this currently.
* mod_tls: Keep TLS context errors and repeat them again for each session (Kim Alvefur, 2018-12-28; 1 file, -7/+17)
* mod_tls: Rebuild SSL context objects on configuration reload - #701 (Kim Alvefur, 2017-04-25; 1 file, -1/+4)
* mod_tls: Switch to hook_tag from hook_stanza which was renamed in 2087d42f1e77 (Kim Alvefur, 2017-03-06; 1 file, -2/+2)
* mod_tls: Suppress debug message if already using encryption (Kim Alvefur, 2017-02-25; 1 file, -1/+3)
* mod_tls: Log reasons for not being able to do TLS (Kim Alvefur, 2017-02-15; 1 file, -0/+2)
* mod_tls: Check that connection has starttls method first to prevent offering starttls over tls (thanks Remko and Tobias) (Kim Alvefur, 2017-01-27; 1 file, -3/+3)
* mod_tls: Return session.ssl_ctx if not nil, like when doing the full session type check (Kim Alvefur, 2017-01-25; 1 file, -3/+3)
* mod_tls: Add debug logging for when TLS should be doable but no ssl context was set (Kim Alvefur, 2017-01-25; 1 file, -0/+4)
* mod_tls: Verify that TLS is available before proceeding (Kim Alvefur, 2017-01-23; 1 file, -1/+1)
* mod_tls: Only accept <proceed> on outgoing s2s connections (Kim Alvefur, 2017-01-23; 1 file, -5/+7)
* mod_tls: Ignore unused argument [luacheck] (Kim Alvefur, 2016-11-02; 1 file, -1/+1)
* mod_tls: Fix ssl option fallback to a "parent" host if current host does not have ssl options set (thanks 70b1) (Kim Alvefur, 2015-11-09; 1 file, -2/+2)
* mod_tls: Remove unused reference to global ssl config option (certmanager adds that to the context) (Kim Alvefur, 2015-11-09; 1 file, -1/+0)
* mod_tls: Fix inheritance of 'ssl' option from "parent" host to subdomain (fixes #511) (Kim Alvefur, 2015-09-15; 1 file, -10/+12)
* mod_tls: Treat session.ssl_ctx being false as a signal that TLS is disabled (Kim Alvefur, 2015-05-18; 1 file, -1/+1)
* mod_tls: Build <starttls/> as a stanza instead of with string concatenation (Kim Alvefur, 2015-05-18; 1 file, -1/+2)
* certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren) (Kim Alvefur, 2014-11-22; 1 file, -7/+7)
* mod_tls: Keep ssl config around and attach them to sessions (Kim Alvefur, 2014-11-19; 1 file, -6/+12)
* mod_legacyauth, mod_saslauth, mod_tls: Pass require_encryption as default option to s2s_require_encryption so the latter overrides the former (Kim Alvefur, 2014-10-21; 1 file, -1/+1)
* mod_lastactivity, mod_legacyauth, mod_presence, mod_saslauth, mod_tls: Use the newer stanza:get_child APIs and optimize away some table lookups (Kim Alvefur, 2014-07-04; 1 file, -1/+1)
* mod_tls: Simplify and use new ssl config merging in certmanager (Kim Alvefur, 2014-07-03; 1 file, -15/+17)
* Merge 0.9->0.10 (Matthew Wild, 2014-01-18; 1 file, -4/+10)
  * mod_tls: Let s2s_secure_auth override s2s_require_encryption and warn if they differ (Kim Alvefur, 2014-01-15; 1 file, -0/+6)
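How the three options interact once this entry, the 2014-10-21 "pass require_encryption as default option to s2s_require_encryption" entry and the 2021-12-25 "require encryption by default" entry are combined, as an added example. It is not Prosody's own mod_tls code: the config table, the get_option helper and the log callback are stand-ins assumed for the example, and the warning text is illustrative.

```lua
-- Added example, not Prosody's own code: resolve the effective s2s encryption
-- requirement from require_encryption, s2s_require_encryption and
-- s2s_secure_auth. 'config' is a per-host option table and 'log' collects
-- warnings; both are assumptions for this example.

-- Like a module:get_option-style lookup: an explicit false is a real value,
-- only nil falls back to the default.
local function get_option(config, name, default)
	local value = config[name]
	if value == nil then return default end
	return value
end

local function resolve_s2s_require_encryption(config, log)
	-- Since the 2021-12-25 entry the general option defaults to true.
	local require_encryption = get_option(config, "require_encryption", true)
	-- The s2s-specific option falls back to the general one, so the
	-- s2s-specific setting wins when both are present.
	local s2s_require_encryption = get_option(config, "s2s_require_encryption", require_encryption)
	-- Authenticating the peer's certificate is meaningless on a cleartext
	-- stream, so s2s_secure_auth forces encryption on and warns about the conflict.
	local s2s_secure_auth = get_option(config, "s2s_secure_auth", false)
	if s2s_secure_auth and s2s_require_encryption == false then
		log("s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false")
		s2s_require_encryption = true
	end
	return s2s_require_encryption
end

-- Constructed configurations for demonstration.
local warnings = {}
local function log(msg) warnings[#warnings + 1] = msg end

assert(resolve_s2s_require_encryption({}, log) == true)                                  -- new default
assert(resolve_s2s_require_encryption({ require_encryption = false }, log) == false)     -- old-style opt out
assert(resolve_s2s_require_encryption({ require_encryption = false, s2s_require_encryption = true }, log) == true)
assert(resolve_s2s_require_encryption({ s2s_require_encryption = false, s2s_secure_auth = true }, log) == true)
assert(#warnings == 1)
print("ok")
```

The practical check for an operator is the last case: a config that sets s2s_secure_auth = true while leaving or setting s2s_require_encryption = false is contradictory, and the resolution is to require encryption and say so in the log rather than silently drop the authentication requirement.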
  * mod_tls: Rename variables to be less confusing (Kim Alvefur, 2014-01-15; 1 file, -4/+4)
  * mod_tls: Log error when TLS initialization fails [tag: 0.9.3] (Matthew Wild, 2014-01-12; 1 file, -2/+9)
* Remove all trailing whitespace (Florian Zeitz, 2013-08-09; 1 file, -1/+1)
* mod_tls: Remove debug statement (Kim Alvefur, 2013-06-16; 1 file, -1/+0)
* mod_tls: Refactor to allow separate SSL configuration for c2s and s2s connections (Kim Alvefur, 2013-06-13; 1 file, -26/+36)
* mod_tls: More use of config sections removed (Kim Alvefur, 2013-03-23; 1 file, -2/+2)
* mod_announce, mod_auth_anonymous, mod_c2s, mod_c2s, mod_component, mod_iq, mod_message, mod_presence, mod_tls: Access prosody.{hosts,bare_sessions,full_sessions} instead of the old globals (Kim Alvefur, 2013-03-23; 1 file, -0/+1)
* mod_tls: Fix log statement (thanks Zash) (Matthew Wild, 2012-01-18; 1 file, -1/+1)
* mod_tls: Fix for components to more reliably inherit SSL settings from their parenthost (thanks Link Mauve) (Matthew Wild, 2011-04-06; 1 file, -4/+3)
* mod_tls: Drop 'TLS negotiation started for ...' to debug level from info (Matthew Wild, 2011-02-22; 1 file, -1/+1)
* mod_tls: Let hosts without an 'ssl' option inherit it from their parent hosts. (Waqas Hussain, 2010-11-10; 1 file, -1/+7)
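The parent-host fallback this entry introduces (and the 2011-04-06, 2015-09-15 and 2015-11-09 entries later fix for components and subdomains), as an added example. It is not Prosody's own code: the config and hosts tables, the "*" key for the global section and the returned (ssl, source host) pair are stand-ins assumed for the example.

```lua
-- Added example, not Prosody's own code: find the 'ssl' option that applies
-- to a host, letting a host or component without one inherit it from the
-- nearest configured parent host, and otherwise from the global section.
-- 'config' (option tables keyed by host, "*" for globals) and 'hosts' (the
-- set of defined hosts) are stand-ins assumed for this example.

-- "conference.example.com" -> "example.com"; "com" -> nil
local function parent_host(host)
	return host:match("^[^.]+%.(.+)$")
end

-- Returns the ssl table and the name of the section it was taken from.
local function find_ssl_config(config, hosts, host)
	local current = host
	while current do
		-- Only hosts that are actually defined may be inherited from; an
		-- unrelated domain that merely shares a suffix is skipped.
		local section = hosts[current] and config[current]
		if section and section.ssl ~= nil then
			return section.ssl, current
		end
		current = parent_host(current)
	end
	local global = config["*"]
	return global and global.ssl or nil, "*"
end

-- Constructed configuration for demonstration.
local hosts = {
	["example.com"] = true,
	["conference.example.com"] = true, -- component under example.com
	["other.example"] = true,
}
local config = {
	["*"] = { ssl = { key = "/etc/prosody/certs/default.key", certificate = "/etc/prosody/certs/default.crt" } },
	["example.com"] = { ssl = { key = "/etc/prosody/certs/example.com.key", certificate = "/etc/prosody/certs/example.com.crt" } },
	["conference.example.com"] = {}, -- no ssl option of its own
	["other.example"] = {},          -- no ssl option and no configured parent
}

local ssl, from = find_ssl_config(config, hosts, "conference.example.com")
assert(from == "example.com" and ssl.certificate == "/etc/prosody/certs/example.com.crt")
ssl, from = find_ssl_config(config, hosts, "other.example")
assert(from == "*" and ssl.certificate == "/etc/prosody/certs/default.crt")
ssl, from = find_ssl_config(config, hosts, "example.com")
assert(from == "example.com")
print("ok")
```

The check worth keeping in mind when auditing such a fallback is the hosts lookup inside the loop: without it, a label-stripping walk would happily hand a component the certificate of any configured domain that happens to be a suffix of its name, which is not the same thing as its parent host.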
* mod_tls: Pass the hostname rather than host session to certmanager.create_context() (thanks darkrain) (Matthew Wild, 2010-11-08; 1 file, -2/+2)