From cc2c3463a0a968b75cd1427d60f354650f2def7d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 9 May 2012 00:12:53 +0200 Subject: util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it. --- util/openssl.lua | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 util/openssl.lua diff --git a/util/openssl.lua b/util/openssl.lua new file mode 100644 index 00000000..8fdb9b4a --- /dev/null +++ b/util/openssl.lua @@ -0,0 +1,156 @@ +local type, tostring, pairs, ipairs = type, tostring, pairs, ipairs; +local t_insert, t_concat = table.insert, table.concat; +local s_format = string.format; + +local oid_xmppaddr = "1.3.6.1.5.5.7.8.5"; -- [XMPP-CORE] +local oid_dnssrv = "1.3.6.1.5.5.7.8.7"; -- [SRV-ID] + +local idna_to_ascii = require "util.encodings".idna.to_ascii; + +local _M = {}; +local config = {}; +_M.config = config; + +local ssl_config = {}; +local ssl_config_mt = {__index=ssl_config}; + +function config.new() + return setmetatable({ + req = { + distinguished_name = "distinguished_name", + req_extensions = "v3_extensions", + x509_extensions = "v3_extensions", + prompt = "no", + }, + distinguished_name = { + commonName = "example.com", + countryName = "GB", + localityName = "The Internet", + organizationName = "Your Organisation", + organizationalUnitName = "XMPP Department", + emailAddress = "xmpp@example.com", + }, + v3_extensions = { + basicConstraints = "CA:FALSE", + keyUsage = "digitalSignature,keyEncipherment", + extendedKeyUsage = "serverAuth,clientAuth", + subjectAltName = "@subject_alternative_name", + }, + subject_alternative_name = { + DNS = {}, + otherName = {}, + }, + }, ssl_config_mt); +end + +function ssl_config:serialize() + local s = ""; + for k, t in pairs(self) do + s = s .. ("[%s]\n"):format(k); + if k == "subject_alternative_name" then + for san, n in pairs(t) do + for i = 1,#n do + s = s .. s_format("%s.%d = %s\n", san, i -1, n[i]); + end + end + else + for k, v in pairs(t) do + s = s .. ("%s = %s\n"):format(k, v); + end + end + s = s .. "\n"; + end + return s; +end + +local function utf8string(s) + -- This is how we tell openssl not to encode UTF-8 strings as fake Latin1 + return s_format("FORMAT:UTF8,UTF8:%s", s); +end + +local function ia5string(s) + return s_format("IA5STRING:%s", s); +end + +local util = {}; +_M.util = { + utf8string = utf8string, + ia5string = ia5string, +}; + +local function xmppAddr(t, host) +end + +function ssl_config:add_dNSName(host) + t_insert(self.subject_alternative_name.DNS, idna_to_ascii(host)); +end + +function ssl_config:add_sRVName(host, service) + t_insert(self.subject_alternative_name.otherName, + s_format("%s;%s", oid_dnssrv, ia5string("_" .. service .."." .. idna_to_ascii(host)))); +end + +function ssl_config:add_xmppAddr(host) + t_insert(self.subject_alternative_name.otherName, + s_format("%s;%s", oid_xmppaddr, utf8string(host))); +end + +function ssl_config:from_prosody(hosts, config, certhosts, raw) + -- TODO Decide if this should go elsewhere + local found_matching_hosts = false; + for i = 1,#certhosts do + local certhost = certhosts[i]; + for name, host in pairs(hosts) do + if name == certhost or name:sub(-1-#certhost) == "."..certhost then + found_matching_hosts = true; + self:add_dNSName(name); + --print(name .. "#component_module: " .. (config.get(name, "core", "component_module") or "nil")); + if config.get(name, "core", "component_module") == nil then + self:add_sRVName(name, "xmpp-client"); + end + --print(name .. "#anonymous_login: " .. tostring(config.get(name, "core", "anonymous_login"))); + if not (config.get(name, "core", "anonymous_login") or + config.get(name, "core", "authentication") == "anonymous") then + self:add_sRVName(name, "xmpp-server"); + end + self:add_xmppAddr(name); + end + end + end + if not found_matching_hosts then + return nil, "no-matching-hosts"; + end +end + +do -- Lua to shell calls. + local function shell_escape(s) + return s:gsub("'",[['\'']]); + end + + local function serialize(f,o) + local r = {"openssl", f}; + for k,v in pairs(o) do + if type(k) == "string" then + t_insert(r, ("-%s"):format(k)); + if v ~= true then + t_insert(r, ("'%s'"):format(shell_escape(tostring(v)))); + end + end + end + for k,v in ipairs(o) do + t_insert(r, ("'%s'"):format(shell_escape(tostring(v)))); + end + return t_concat(r, " "); + end + + local os_execute = os.execute; + setmetatable(_M, { + __index=function(self,f) + return function(opts) + return 0 == os_execute(serialize(f, type(opts) == "table" and opts or {})); + end; + end; + }); +end + +return _M; -- cgit v1.2.3 From 3da90f3bb57aa94cb8e70852415f6333b212a2c4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 9 May 2012 00:33:55 +0200 Subject: prosodyctl: Use util.openssl in certificate helpers. Improve feedback --- prosodyctl | 49 ++++++++++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/prosodyctl b/prosodyctl index afd06b88..1c4d84cd 100755 --- a/prosodyctl +++ b/prosodyctl @@ -613,14 +613,10 @@ function commands.unregister(arg) return 1; end -local x509 = require "util.x509"; -local genx509san = x509.genx509san; -local opensslbaseconf = x509.baseconf; -local seralizeopensslbaseconf = x509.serialize_conf; +local openssl = require "util.openssl"; local cert_commands = {}; --- TODO Should this be moved to util.prosodyctl or x509? function cert_commands.config(arg) if #arg >= 1 and arg[1] ~= "--help" then local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf"; @@ -628,8 +624,8 @@ function cert_commands.config(arg) and not show_yesno("Overwrite "..conf_filename .. "?") then return nil, conf_filename; end - local conf = opensslbaseconf(); - conf.subject_alternative_name = genx509san(hosts, config, arg, true) + local conf = openssl.config.new(); + conf:from_prosody(hosts, config, arg); for k, v in pairs(conf.distinguished_name) do local nv; if k == "commonName" then @@ -642,7 +638,7 @@ function cert_commands.config(arg) conf.distinguished_name[k] = nv ~= "." and nv or nil; end local conf_file = io.open(conf_filename, "w"); - conf_file:write(seralizeopensslbaseconf(conf)); + conf_file:write(conf:serialize()); conf_file:close(); print(""); show_message("Config written to " .. conf_filename); @@ -655,15 +651,19 @@ end function cert_commands.key(arg) if #arg >= 1 and arg[1] ~= "--help" then local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key"; - if os.execute("test -f "..key_filename) == 0 - and not show_yesno("Overwrite "..key_filename .. "?") then - return nil, key_filename; + if os.execute("test -f "..key_filename) == 0 then + if not show_yesno("Overwrite "..key_filename .. "?") then + return nil, key_filename; + end + os.remove(key_filename); -- We chmod this file to not have write permissions end local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); - os.execute(("openssl genrsa -out %s %d"):format(key_filename, tonumber(key_size))); - os.execute(("chmod 400 %s"):format(key_filename)); - show_message("Key written to ".. key_filename); - return nil, key_filename; + if openssl.genrsa{out=key_filename, key_size} then + os.execute(("chmod 400 '%s'"):format(key_filename)); + show_message("Key written to ".. key_filename); + return nil, key_filename; + end + show_message("There was a problem, see OpenSSL output"); else show_usage("cert key HOSTNAME ", "Generates a RSA key") end @@ -678,9 +678,11 @@ function cert_commands.request(arg) end local _, key_filename = cert_commands.key({arg[1]}); local _, conf_filename = cert_commands.config({arg[1]}); - os.execute(("openssl req -new -key %s -utf8 -config %s -out %s") - :format(key_filename, conf_filename, req_filename)); - show_message("Certificate request written to ".. req_filename); + if openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then + show_message("Certificate request written to ".. req_filename); + else + show_message("There was a problem, see OpenSSL output"); + end else show_usage("cert request HOSTNAME", "Generates a certificate request") end @@ -695,9 +697,14 @@ function cert_commands.generate(arg) end local _, key_filename = cert_commands.key({arg[1]}); local _, conf_filename = cert_commands.config({arg[1]}); - os.execute(("openssl req -new -x509 -nodes -key %s -days 365 -sha1 -utf8 -config %s -out %s") - :format(key_filename, conf_filename, cert_filename)); - show_message("Certificate written to ".. cert_filename); + local ret; + if key_filename and conf_filename and cert_filename + and openssl.req{new=true, x509=true, nodes=true, key=key_filename, + days=365, sha1=true, utf8=true, config=conf_filename, out=cert_filename} then + show_message("Certificate written to ".. cert_filename); + else + show_message("There was a problem, see OpenSSL output"); + end else show_usage("cert generate HOSTNAME", "Generates a self-signed certificate") end -- cgit v1.2.3 From c0475404c9658fd43fc0089496b48c96361135d1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 9 May 2012 00:34:24 +0200 Subject: util.x509: Remove logic for generating certificate configs --- util/x509.lua | 105 ---------------------------------------------------------- 1 file changed, 105 deletions(-) diff --git a/util/x509.lua b/util/x509.lua index f106e6fa..19d4ec6d 100644 --- a/util/x509.lua +++ b/util/x509.lua @@ -212,109 +212,4 @@ function verify_identity(host, service, cert) return false end --- TODO Rename? Split out subroutines? --- Also, this is probably openssl specific, what TODO about that? -function genx509san(hosts, config, certhosts, raw) -- recive config through that or some better way? - local function utf8string(s) - -- This is how we tell openssl not to encode UTF-8 strings as Latin1 - return s_format("FORMAT:UTF8,UTF8:%s", s); - end - - local function ia5string(s) - return s_format("IA5STRING:%s", s); - end - - local function dnsname(t, host) - t_insert(t.DNS, idna_to_ascii(host)); - end - - local function srvname(t, host, service) - t_insert(t.otherName, s_format("%s;%s", oid_dnssrv, ia5string("_" .. service .."." .. idna_to_ascii(host)))); - end - - local function xmppAddr(t, host) - t_insert(t.otherName, s_format("%s;%s", oid_xmppaddr, utf8string(host))); - end - - ----------------------------- - - local san = { - DNS = {}; - otherName = {}; - }; - - local sslsanconf = { }; - - for i = 1,#certhosts do - local certhost = certhosts[i]; - for name, host in pairs(hosts) do - if name == certhost or name:sub(-1-#certhost) == "."..certhost then - dnsname(san, name); - --print(name .. "#component_module: " .. (config.get(name, "core", "component_module") or "nil")); - if config.get(name, "core", "component_module") == nil then - srvname(san, name, "xmpp-client"); - end - --print(name .. "#anonymous_login: " .. tostring(config.get(name, "core", "anonymous_login"))); - if not (config.get(name, "core", "anonymous_login") or - config.get(name, "core", "authentication") == "anonymous") then - srvname(san, name, "xmpp-server"); - end - xmppAddr(san, name); - end - end - end - - for t, n in pairs(san) do - for i = 1,#n do - t_insert(sslsanconf, s_format("%s.%d = %s", t, i -1, n[i])); - end - end - - return raw and sslsanconf or t_concat(sslsanconf, "\n"); -end - -function baseconf() - return { - req = { - distinguished_name = "distinguished_name", - req_extensions = "v3_extensions", - x509_extensions = "v3_extensions", - prompt = "no", - }, - distinguished_name = { - commonName = "example.com", - countryName = "GB", - localityName = "The Internet", - organizationName = "Your Organisation", - organizationalUnitName = "XMPP Department", - emailAddress = "xmpp@example.com", - }, - v3_extensions = { - basicConstraints = "CA:FALSE", - keyUsage = "digitalSignature,keyEncipherment", - extendedKeyUsage = "serverAuth,clientAuth", - subjectAltName = "@subject_alternative_name", - }, - subject_alternative_name = { }, - } -end - -function serialize_conf(conf) - local s = ""; - for k, t in pairs(conf) do - s = s .. ("[%s]\n"):format(k); - if t[1] then - for i, v in ipairs(t) do - s = s .. ("%s\n"):format(v); - end - else - for k, v in pairs(t) do - s = s .. ("%s = %s\n"):format(k, v); - end - end - s = s .. "\n"; - end - return s; -end - return _M; -- cgit v1.2.3 From 27840ebbf44e9018e705e7c692dc5541d56d6267 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 9 May 2012 01:02:00 +0200 Subject: prosodyctl: Replace hack with lfs for checking if a file exists --- prosodyctl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/prosodyctl b/prosodyctl index 1c4d84cd..4511ec2c 100755 --- a/prosodyctl +++ b/prosodyctl @@ -614,14 +614,18 @@ function commands.unregister(arg) end local openssl = require "util.openssl"; +local lfs = require "lfs"; local cert_commands = {}; +local function ask_overwrite(filename) + return lfs.attributes(filename) and not show_yesno("Overwrite "..filename .. "?"); +end + function cert_commands.config(arg) if #arg >= 1 and arg[1] ~= "--help" then local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf"; - if os.execute("test -f "..conf_filename) == 0 - and not show_yesno("Overwrite "..conf_filename .. "?") then + if ask_overwrite(conf_filename) then return nil, conf_filename; end local conf = openssl.config.new(); @@ -651,12 +655,10 @@ end function cert_commands.key(arg) if #arg >= 1 and arg[1] ~= "--help" then local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key"; - if os.execute("test -f "..key_filename) == 0 then - if not show_yesno("Overwrite "..key_filename .. "?") then - return nil, key_filename; - end - os.remove(key_filename); -- We chmod this file to not have write permissions + if ask_overwrite(key_filename) then + return nil, key_filename; end + os.remove(key_filename); -- We chmod this file to not have write permissions local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); if openssl.genrsa{out=key_filename, key_size} then os.execute(("chmod 400 '%s'"):format(key_filename)); @@ -672,8 +674,7 @@ end function cert_commands.request(arg) if #arg >= 1 and arg[1] ~= "--help" then local req_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".req"; - if os.execute("test -f "..req_filename) == 0 - and not show_yesno("Overwrite "..req_filename .. "?") then + if ask_overwrite(req_filename) then return nil, req_filename; end local _, key_filename = cert_commands.key({arg[1]}); @@ -691,9 +692,8 @@ end function cert_commands.generate(arg) if #arg >= 1 and arg[1] ~= "--help" then local cert_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cert"; - if os.execute("test -f "..cert_filename) == 0 - and not show_yesno("Overwrite "..cert_filename .. "?") then - return nil, cert_filename; + if ask_overwrite(cert_filename) then + return nil, conf_filename; end local _, key_filename = cert_commands.key({arg[1]}); local _, conf_filename = cert_commands.config({arg[1]}); -- cgit v1.2.3 From 79dfc716bdd1fd994972f578f8347952ec78ba81 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 9 May 2012 01:11:27 +0200 Subject: prosodyctl: Show an error if the user doesn't supply a hostname to the certificate commands --- prosodyctl | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/prosodyctl b/prosodyctl index 4511ec2c..40a15010 100755 --- a/prosodyctl +++ b/prosodyctl @@ -205,6 +205,7 @@ local error_messages = setmetatable({ ["invalid-hostname"] = "The given hostname is invalid"; ["no-password"] = "No password was supplied"; ["no-such-user"] = "The given user does not exist on the server"; + ["no-such-host"] = "The given hostname does not exist in the config"; ["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?"; ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see http://prosody.im/doc/prosodyctl#pidfile for help"; ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see http://prosody.im/doc/prosodyctl for more info"; @@ -648,7 +649,7 @@ function cert_commands.config(arg) show_message("Config written to " .. conf_filename); return nil, conf_filename; else - show_usage("cert config HOSTNAME", "generates config for OpenSSL") + show_usage("cert config HOSTNAME", "builds a config for OpenSSL") end end @@ -714,6 +715,10 @@ function commands.cert(arg) if #arg >= 1 and arg[1] ~= "--help" then local subcmd = table.remove(arg, 1); if type(cert_commands[subcmd]) == "function" then + if not hosts[arg[1]] then + show_message(error_messages["no-such-host"]); + return + end return cert_commands[subcmd](arg); end end -- cgit v1.2.3 From ce764dee87dc63387c9327179d022bf792e77123 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 9 May 2012 01:26:56 +0200 Subject: util.hashes: Use defined hash function output lengths. --- util-src/hashes.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/util-src/hashes.c b/util-src/hashes.c index 33a9be89..7d263a78 100644 --- a/util-src/hashes.c +++ b/util-src/hashes.c @@ -46,9 +46,9 @@ static int myFunc(lua_State *L) { \ return 1; \ } -MAKE_HASH_FUNCTION(Lsha1, SHA1, 20) -MAKE_HASH_FUNCTION(Lsha256, SHA256, 32) -MAKE_HASH_FUNCTION(Lmd5, MD5, 16) +MAKE_HASH_FUNCTION(Lsha1, SHA1, SHA_DIGEST_LENGTH) +MAKE_HASH_FUNCTION(Lsha256, SHA256, SHA256_DIGEST_LENGTH) +MAKE_HASH_FUNCTION(Lmd5, MD5, MD5_DIGEST_LENGTH) static const luaL_Reg Reg[] = { -- cgit v1.2.3 From 150e5e4aecd35aa736a6eb053e1da2f68355d50e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 10 May 2012 05:57:24 +0200 Subject: util.hashes: Add sha224, sha384, sha512 --- util-src/hashes.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/util-src/hashes.c b/util-src/hashes.c index 7d263a78..317deaf3 100644 --- a/util-src/hashes.c +++ b/util-src/hashes.c @@ -47,13 +47,19 @@ static int myFunc(lua_State *L) { \ } MAKE_HASH_FUNCTION(Lsha1, SHA1, SHA_DIGEST_LENGTH) +MAKE_HASH_FUNCTION(Lsha224, SHA224, SHA224_DIGEST_LENGTH) MAKE_HASH_FUNCTION(Lsha256, SHA256, SHA256_DIGEST_LENGTH) +MAKE_HASH_FUNCTION(Lsha384, SHA384, SHA384_DIGEST_LENGTH) +MAKE_HASH_FUNCTION(Lsha512, SHA512, SHA512_DIGEST_LENGTH) MAKE_HASH_FUNCTION(Lmd5, MD5, MD5_DIGEST_LENGTH) static const luaL_Reg Reg[] = { { "sha1", Lsha1 }, + { "sha224", Lsha224 }, { "sha256", Lsha256 }, + { "sha384", Lsha384 }, + { "sha512", Lsha512 }, { "md5", Lmd5 }, { NULL, NULL } }; -- cgit v1.2.3 From 1453797d68201f2f1cf17e96cb8b39c107779610 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 10 May 2012 23:00:45 +0200 Subject: util.rfc3484: Don't pollute the global scope. --- util/rfc3484.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/rfc3484.lua b/util/rfc3484.lua index dd855a84..5ee572a0 100644 --- a/util/rfc3484.lua +++ b/util/rfc3484.lua @@ -19,7 +19,7 @@ local function t_sort(t, comp) end end -function source(dest, candidates) +local function source(dest, candidates) local function comp(ipA, ipB) -- Rule 1: Prefer same address if dest == ipA then @@ -70,7 +70,7 @@ function source(dest, candidates) return candidates[1]; end -function destination(candidates, sources) +local function destination(candidates, sources) local sourceAddrs = {}; local function comp(ipA, ipB) local ipAsource = sourceAddrs[ipA]; -- cgit v1.2.3 From 2cd39663b68f1936e5e086d14693a2e50f0e366a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 10 May 2012 23:01:10 +0200 Subject: s2smanager: Clean up unused imports. --- core/s2smanager.lua | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 5907ff2f..a4b75db5 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -9,37 +9,17 @@ local hosts = hosts; -local core_process_stanza = function(a, b) core_process_stanza(a, b); end -local format = string.format; -local t_insert, t_sort = table.insert, table.sort; -local get_traceback = debug.traceback; -local tostring, pairs, ipairs, getmetatable, newproxy, type, error, tonumber, setmetatable - = tostring, pairs, ipairs, getmetatable, newproxy, type, error, tonumber, setmetatable; - -local initialize_filters = require "util.filters".initialize; -local wrapclient = require "net.server".wrapclient; -local st = require "stanza"; -local stanza = st.stanza; -local nameprep = require "util.encodings".stringprep.nameprep; -local cert_verify_identity = require "util.x509".verify_identity; -local new_ip = require "util.ip".new_ip; -local rfc3484_dest = require "util.rfc3484".destination; +local tostring, pairs, ipairs, getmetatable, newproxy, setmetatable + = tostring, pairs, ipairs, getmetatable, newproxy, setmetatable; local fire_event = prosody.events.fire_event; -local uuid_gen = require "util.uuid".generate; - local logger_init = require "util.logger".init; local log = logger_init("s2smanager"); -local sha256_hash = require "util.hashes".sha256; - local adns, dns = require "net.adns", require "net.dns"; local config = require "core.configmanager"; local dns_timeout = config.get("*", "core", "dns_timeout") or 15; -local cfg_sources = config.get("*", "core", "s2s_interface") - or config.get("*", "core", "interface"); -local sources; --FIXME: s2sout should create its own resolver w/ timeout dns.settimeout(dns_timeout); -- cgit v1.2.3 From 3713488b271aee3c381048843c82d57d328df346 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 10 May 2012 23:05:03 +0200 Subject: s2smanager, mod_s2s: Move checking DNS timeout option to mod_s2s --- core/s2smanager.lua | 5 ----- plugins/mod_s2s/s2sout.lib.lua | 2 ++ 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/core/s2smanager.lua b/core/s2smanager.lua index a4b75db5..ea626baa 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -17,12 +17,7 @@ local logger_init = require "util.logger".init; local log = logger_init("s2smanager"); -local adns, dns = require "net.adns", require "net.dns"; local config = require "core.configmanager"; -local dns_timeout = config.get("*", "core", "dns_timeout") or 15; - ---FIXME: s2sout should create its own resolver w/ timeout -dns.settimeout(dns_timeout); local prosody = _G.prosody; incoming_s2s = {}; diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index f3496597..2ddc9299 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -26,6 +26,8 @@ local log = module._log; local sources = {}; +local dns_timeout = module:get_option_number("dns_timeout", 15); +dns.settimeout(dns_timeout); local max_dns_depth = module:get_option_number("dns_max_depth", 3); local s2sout = {}; -- cgit v1.2.3