| Commit message | Author | Age | Files | Lines |

steps
Ensures unavailable presence and other outgoing stanzas are sent.
Waiting for c2s sessions to close first before proceeding to disable and
close s2s ensures that unavailable presence can go out, even if it
requires dialback to complete first.

Lets other things step in and do things while c2s ports are closed, e.g.
mod_smacks, or other modules with port handlers that forward to c2s.

This ensures no new clients can start connecting during shutdown

The more compact these are, the better

But then this is the internal API which is weird and unfriendly to
expose externally. Lots of methods to wrap tho ... one day.

There was a separate boolean option to enable TLS before, but it was
merged with the port number option and it seems the typed API interface
got confused.

This ensures that registration actually works even if allow_registration
is not enabled.

This hack is not needed since a9c975a0f113 so can be removed when
included with Prosody.

Usually on port 443 to avoid restrictive firewalls.
Thanks to Holger for discussion

Much harder to get boolean options wrong than accidentally adding
something unrecognised to a Set.

The connection events are more appropriate here, where the s2s-created
event happens a bit later or earlier in a session's lifetime depending
on its direction and for outgoing connections isn't actually the
creation time (which happens immediately after pressing enter, so not
very interesting), but rather closer to the connection time.

Allows doing things based on connections rather than sessions, which may
have been created before or after.

This seems like the thing to do for time, which is usually divided into
divisors divisible by 60, or multiplied by multiples of 60

http://[::]:5280/ is as sensible as http://*:5280/ so why not
This might be a bit weird when listening on multiple interfaces but not
sure we can really do anything sensible then anyway.

This might make the global routes less confusing sometimes, or at least
valid URLs instead of http://*:5280/ which doesn't make much sense.

This way the host-agnostic http://*:5280/ handler is not enabled, but
BOSH can still be used with any local VirtualHost
Ref #1712

This way the host-agnostic http://*:5280/ handler is not enabled, but
BOSH can still be used with any local VirtualHost
Ref #1712

Extra-extra obvious that no interaction with this should lead to
persisted changes

I'm not sure what went wrong here, copy-paste mistake?
Doesn't matter as long as nobody can create nodes on this service.

Since some of the titles are quite dense

It is unexpected that 'example.com' matches 'exampleicom.org' and this
use of Lua patterns is undocumented and unlikely to be widely known or
used.

The Lua string.format %q doesn't behave correctly for all characters
that should be escaped in a quoted-string. And who knows what effects
higher Unicode might have here.
Applying percent-encoding of filenames seems like the safest way to deal
with filenames, as well as being easier than implementing the actual
quoted-string transform, which seems complicated and I'm not even sure
it covers every possible character.
Filenames can safely be assumed to be UTF-8 since they are passed in an
attribute in the query without any escaping.

Stops an error when extra_labels is nil since it attempts to index it
Unsure about correctness

Enables generation of summaries for more than Atom without additional
modules.

Allows using different ones even if multiple semantically different
formats share the same root element xmlns, e.g. generic Atom and
XEP-0277 entries.

Relevant and sometimes needed for Direct TLS which mod_s2s uses this
context for. Primarily when e.g. mod_net_multiplex or equivalent ALPN
based dispatch is used.
All these contexts should likely move away from mod_tls and into either
mod_s2s or portmanager. The latter already duplicates some of this work.

As in the argument to user:create() and user:roles()
Tricky to come up with something sensible to write when Prosody core
only knows of the 'prosody:admin' role so far.

So that the same TLS context is used for both Direct TLS and starttls,
since they are supposed to be functionally identical apart from the few
extra round trips.
A new event is added because the 's2s-created' event fires much later,
after a connection has already been established, where we need the TLS
context before that.

Makes it faster by cutting out the roundtrips involved in <starttls/>,
at the cost of making an additional SRV lookup.
Since we already ignore a missing <starttls/> offer and try anyway there
is not much difference in security. The fact that XMPP is used and the
hostnames involved might still be visible until the future Encrypted
ClientHello extension allows hiding those too.

:include(other_set), :add(item)

270047afa6af

This is either caused by an earlier failure to bind http/s ports, in
which case that should be corrected, or explicitly disabling the http/s
ports, in which case ... why enable http modules?
Suggested by jonas’

When http_external_url is set then the portmanager usage only really
serves as a check of whether any http service is enabled at all.
Should allow generating a URL from prosodyctl when http_external_url is
set.

The roster version is stored in a pseudo-item which has the key `false`.
The if condition in the touched code attempts to guard against this, but
it does not take into account that the jid prepping returns nil instead
of false.
By moving the jid prepping into the if, we can check for the metadata
entry safely.

An empty vCard store may look like the empty table, which does not have
the `attr` key, which would then blow up in util.stanza.deserialize.

Since accessing this port directly over the wider Internet is unlikely
to be intentional anymore. Most uses will likely be by reverse proxies, by
mistake or because of trouble configuring HTTPS.
Blocking mistaken uses is just a good thing, letting users send
potentially private things unencrypted tends to be Strongly Discouraged
these days.
Many reverse proxy setups operate over loopback, so listening there
instead of all interfaces is a net improvement.
Improved automatic certificate location and SNI support has mostly
eliminated the need for manual certificate configuration so HTTPS should
Just Work once certificates have been provided.
For local testing during development, connecting over loopback is likely
fine as well. When really needed, `http_interfaces` can still be set.
Suggested by Link Mauve

If the timer activates a bit early then a task might be just a few
seconds short of being allowed to run. This would run such a task rather
than wait another hour.
The value 0.5% chosen so that a weekly task does not run an entire hour
earlier than last time.