From bdeb5cc9c575d5f5ba62e33e9c032da47e1dcd00 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 25 Jan 2017 10:47:31 +0100 Subject: mod_c2s: Clarify that there were no *stream* features to offer --- plugins/mod_c2s.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 041eb1f2..ce2e9a88 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -94,8 +94,8 @@ function stream_callbacks.streamopened(session, attr) if features.tags[1] or session.full_jid then send(features); else - (session.log or log)("warn", "No features to offer"); - session:close{ condition = "undefined-condition", text = "No features to proceed with" }; + (session.log or log)("warn", "No stream features to offer"); + session:close{ condition = "undefined-condition", text = "No stream features to proceed with" }; end end -- cgit v1.2.3 From 3258500edbe277d20f085985986ef806f5746e6f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 25 Jan 2017 11:06:30 +0100 Subject: mod_tls: Add debug logging for when TLS should be doable but no ssl context was set --- plugins/mod_tls.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 5869b2a5..678b4039 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -79,6 +79,10 @@ local function can_do_tls(session) else return false; end + if not session.ssl_ctx then + session.log("debug", "Should be able to do TLS but no context available"); + return false; + end return session.ssl_ctx; end -- cgit v1.2.3 From c7da30f634743e62b07d9be185d6f098f3e38f13 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 25 Jan 2017 11:12:43 +0100 Subject: mod_tls: Return session.ssl_ctx if not nil, like when doing the full session type check --- plugins/mod_tls.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 678b4039..c5903b61 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -62,10 +62,10 @@ do end local function can_do_tls(session) - if session.ssl_ctx == false or not session.conn.starttls then + if session.ssl_ctx ~= nil then + return session.ssl_ctx; + elseif not session.conn.starttls then return false; - elseif session.ssl_ctx then - return true; end if session.type == "c2s_unauthed" then session.ssl_ctx = ssl_ctx_c2s; -- cgit v1.2.3 From ac7a1daba87f993330aaccba25bd7745acc8ca54 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 25 Jan 2017 11:13:40 +0100 Subject: mod_s2s: Clarify that it is stream features that can't be offered (here too) --- plugins/mod_s2s/mod_s2s.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 67af6a14..f7208ab8 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -366,8 +366,8 @@ function stream_callbacks.streamopened(session, attr) log("debug", "Sending stream features: %s", tostring(features)); session.sends2s(features); else - (session.log or log)("warn", "No features to offer, giving up"); - session:close({ condition = "undefined-condition", text = "No features to offer" }); + (session.log or log)("warn", "No stream features to offer, giving up"); + session:close({ condition = "undefined-condition", text = "No stream features to offer" }); end end elseif session.direction == "outgoing" then -- cgit v1.2.3 From befdc64576117b053b635602993b66fde4bfdc0a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 25 Jan 2017 11:18:00 +0100 Subject: mod_c2s, mod_s2s: Remove comment that no longer applies since 946871f6e3c8 --- plugins/mod_c2s.lua | 2 -- plugins/mod_s2s/mod_s2s.lua | 2 -- 2 files changed, 4 deletions(-) diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index ce2e9a88..1374c108 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -37,8 +37,6 @@ local stream_callbacks = { default_ns = "jabber:client" }; local listener = {}; module:hook("stats-update", function () - -- Connection counter resets to 0 on load and reload - -- Bump it up to current value local count = 0; for _ in pairs(sessions) do count = count + 1; diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index f7208ab8..4b3996bb 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -44,8 +44,6 @@ local sessions = module:shared("sessions"); local log = module._log; module:hook("stats-update", function () - -- Connection counter resets to 0 on load and reload - -- Bump it up to current value local count = 0; for _ in pairs(sessions) do count = count + 1; -- cgit v1.2.3 From a67d0bfb97f2c2e0b2cd7a303accd70c95911275 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 26 Jan 2017 14:18:30 +0100 Subject: util.sslconfig: Remvoe flag merging for 'verify' as this is more of a tri-state field than a set of options --- plugins/mod_http.lua | 6 +----- util/sslconfig.lua | 2 -- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 2cde9341..a15e8cda 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -162,11 +162,7 @@ module:provides("net", { default_port = 5281; encryption = "ssl"; ssl_config = { - verify = { - peer = false, - client_once = false, - "none", - } + verify = "none"; }; multiplex = { pattern = "^[A-Z]"; diff --git a/util/sslconfig.lua b/util/sslconfig.lua index c849aa28..931502b9 100644 --- a/util/sslconfig.lua +++ b/util/sslconfig.lua @@ -36,7 +36,6 @@ function handlers.options(config, field, new) config[field] = options; end -handlers.verify = handlers.options; handlers.verifyext = handlers.options; -- finalisers take something produced by handlers and return what luasec @@ -53,7 +52,6 @@ function finalisers.options(options) return output; end -finalisers.verify = finalisers.options; finalisers.verifyext = finalisers.options; -- We allow ciphers to be a list -- cgit v1.2.3