From cf984835d120a714e2ed4337f8522e935cf85498 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Tue, 15 Jan 2019 20:08:30 +0100
Subject: mod_c2s, mod_s2s, mod_component: Log invalid XML escaped (fixes #734)

See 6ed0d6224d64
---
 plugins/mod_s2s/mod_s2s.lua | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'plugins/mod_s2s/mod_s2s.lua')

diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index aae37b7f..79308847 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -595,8 +595,7 @@ local function initialize_session(session)
 		if data then
 			local ok, err = stream:feed(data);
 			if ok then return; end
-			log("warn", "Received invalid XML: %s", data);
-			log("warn", "Problem was: %s", err);
+			log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300));
 			session:close("not-well-formed");
 		end
 	end
-- 
cgit v1.2.3


From 9f65ce71893ef10485442ee209472a38865da081 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sun, 10 Mar 2019 19:58:28 +0100
Subject: core.certmanager: Do not ask for client certificates by default

Since it's mostly only mod_s2s that needs to request client
certificates it makes some sense to have mod_s2s ask for this, instead
of having eg mod_http ask to disable it.
---
 plugins/mod_s2s/mod_s2s.lua | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'plugins/mod_s2s/mod_s2s.lua')

diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 79308847..b0d551fe 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -738,6 +738,9 @@ module:provides("net", {
 	listener = listener;
 	default_port = 5269;
 	encryption = "starttls";
+	ssl_config = {
+		verify = { "peer", "client_once", };
+	};
 	multiplex = {
 		pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>";
 	};
-- 
cgit v1.2.3


From b246b00f85b1973058f8b607190a72168380dbc3 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 11 Mar 2019 13:07:59 +0100
Subject: mod_tls: Restore querying for certificates on s2s

The 'ssl_config' setting in the mod_s2s network service is not used.
Only direct TLS ports use this currently.
---
 plugins/mod_s2s/mod_s2s.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins/mod_s2s/mod_s2s.lua')

diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index b0d551fe..f0fdc5fb 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -738,7 +738,7 @@ module:provides("net", {
 	listener = listener;
 	default_port = 5269;
 	encryption = "starttls";
-	ssl_config = {
+	ssl_config = { -- FIXME This is not used atm, see mod_tls
 		verify = { "peer", "client_once", };
 	};
 	multiplex = {
-- 
cgit v1.2.3