From 26cd63e77f53b850e5fc340a3b7981470cbde38d Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Tue, 14 Oct 2014 18:55:08 +0100
Subject: certmanager, net.http: Disable SSLv3 by default
---
 core/certmanager.lua | 2 +-
 net/http.lua | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/certmanager.lua b/core/certmanager.lua
index d6784a96..624bd841 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -33,7 +33,7 @@ module "certmanager"
 local default_ssl_config = configmanager.get("*", "ssl");
 local default_capath = "/etc/ssl/certs";
 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-local default_options = { "no_sslv2", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
+local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 if ssl and not luasec_has_verifyext and ssl.x509 then
diff --git a/net/http.lua b/net/http.lua
index 9dde6062..8ce47494 100644
--- a/net/http.lua
+++ b/net/http.lua
@@ -175,7 +175,7 @@ function request(u, ex, callback)
 local sslctx = false;
 if using_https then
- sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2" } };
+ sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2", "no_sslv3" } };
 end
 req.handler, req.conn = assert(server.wrapclient(conn, host, port_number, listener, "*a", sslctx));
-- cgit v1.2.3
-- cgit v1.2.3
From 5daa7d93876b46d4bbb0d8d2486351e0b2d8da5f Mon Sep 17 00:00:00 2001
From: Waqas Hussain
Date: Sun, 19 Oct 2014 03:05:49 -0400
Subject: prosodyctl: Fix nil global access traceback in `prosodyctl about` (luarocks 2.2.0 no longer uses module())
---
 prosodyctl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/prosodyctl b/prosodyctl
index 8580aaf6..4c3ae981 100755
--- a/prosodyctl
+++ b/prosodyctl
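Review bot: In core/certmanager.lua the new `"no_sslv3"` entry exists only in `default_options`, and nothing in this hunk shows whether an `options` list set by the administrator in the `ssl` config is merged with these defaults or replaces them. If it replaces them, a deployment that already customises `ssl.options` would keep negotiating SSLv3 after this change, so the merge behaviour should be confirmed where the context is built, which is outside this hunk. The same protocol list is repeated in net/http.lua, so a comment above the line would help keep the two together, e.g. `-- protocol versions refused by default (SSLv2, SSLv3); keep in sync with the client default in net/http.lua`.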
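Review bot: In net/http.lua the fallback client context on the changed line still has no `verify`, `cafile` or `capath` key, so unless `server.wrapclient` or the TLS library adds one (not visible here), an HTTPS request made without `ex.sslctx` accepts any server certificate. Refusing SSLv3 does not protect against an on-path attacker in that case. The `no_sslv3` option is also skipped entirely when a caller passes its own `ex.sslctx`, so those callers need a separate audit. At minimum the table should be documented, e.g. `-- default context: no peer verification; pass ex.sslctx with verify/capath for authenticated HTTPS`. The body of `request` starts and ends outside the hunk.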
@@ -548,7 +548,7 @@ function commands.about(arg)
 print(" "..path);
 end
 print("");
- local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(luarocks.cfg.program_version or "2.x+")..")")
+ local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(package.loaded["luarocks.cfg"].program_version or "2.x+")..")")
 or (pcall(require, "luarocks.require") and "Installed (1.x)")
 or "Not installed";
 print("LuaRocks: ", luarocks_status);
-- cgit v1.2.3
From 886aa3c20ac5c407fe07ca6abe3d64fa48ab471b Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Fri, 24 Oct 2014 23:20:06 +0100
Subject: Backout changeset 6e67c73f730c: not a major fix and it breaks interop with at least Isode M-Link, and possibly standards, while it's not clear it actually fixes the original problem either.
---
 util/stanza.lua | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)
diff --git a/util/stanza.lua b/util/stanza.lua
index 2fcf2c79..7c214210 100644
--- a/util/stanza.lua
+++ b/util/stanza.lua
@@ -202,19 +202,8 @@ end
 local xml_escape
 do
- local escape_table = {
- ["'"] = "'";
- ['"'] = """;
- ["<"] = "<";
- [">"] = ">";
- ["&"] = "&";
- -- escape this whitespace because [\r\n\t] change into spaces in attributes
- -- and \r\n changes into \n in text, and we want to preserve original bytes
- ["\t"] = " ";
- ["\n"] = " ";
- ["\r"] = " ";
- };
- function xml_escape(str) return (s_gsub(str, "['&<>\"\t\n\r]", escape_table)); end
+ local escape_table = { ["'"] = "'", ["\""] = """, ["<"] = "<", [">"] = ">", ["&"] = "&" };
+ function xml_escape(str) return (s_gsub(str, "['&<>\"]", escape_table)); end
 _M.xml_escape = xml_escape;
 end
-- cgit v1.2.3
-- cgit v1.2.3
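Review bot: In the prosodyctl hunk the new expression indexes `package.loaded["luarocks.cfg"]` without checking it. If `require "luarocks.loader"` succeeds but leaves no module under that exact name, `prosodyctl about` fails with an attempt-to-index-nil error, the same class of traceback this commit fixes. A nil-tolerant form keeps the `"2.x+"` fallback reachable: `"Installed ("..((package.loaded["luarocks.cfg"] or {}).program_version or "2.x+")..")"`. `commands.about` begins and ends outside the hunk.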
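Review bot: After the backout, `xml_escape` in util/stanza.lua has no comment saying that tab, LF and CR are emitted unescaped. The removed comment notes that the receiving parser turns them into spaces inside attribute values, and CRLF into LF in text. Callers that compare, hash or sign serialized stanzas therefore cannot rely on whitespace surviving a round trip, and the function should say so: `-- escapes only ' " < > &; \t \n \r pass through and may be normalized by the receiving XML parser`. As rendered on this page the values in `escape_table` look identical to their keys, presumably because the page decoded the entity strings; confirm against the repository that they are the entity forms.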