Commit graph

86 commits

Author SHA1 Message Date
Matthew Wild
c384aeca79 portmanager: Use alternate host (if any) for SNI (many thanks Zaak!)
This was an oversight in the fix for #1915 in commit 4ea7bd7325be (though it
seems commit 7e9ebdc75ce4 was the first to introduce this bug).
2025-04-02 16:13:55 +01:00
Kim Alvefur
96aadab60b core.portmanager: Restore use of per-host 'ssl' for SNI hosts. Fixes #1915.
This was an unintentional regression, as per-host 'ssl' options became valid
in 0.12 when SNI support was added for direct TLS ports. While we encourage
most people to use the simpler automatic certificate selection (and it seems
most do, given the overlooking of this bug), there are likely always going to
be use cases for manually-configured certificates.

The issue was introduced in commit 7e9ebdc75ce4 which inadvertently removed
the per-host option checking for SNI.
2025-03-29 22:25:19 +01:00
Matthew Wild
b4ed120963 portmanager: Expose API to get at SSL/TLS config for a given interface/port 2022-09-07 11:26:42 +01:00
Kim Alvefur
f8a2c4d7ab core.portmanager: Join strings broken into multiple lines
Improves readability. Reduces line count. What's not to like?

The code style and luacheck rules allow longer lines, and these strings
aren't long enough to need breaking into multiple lines like this.
2023-07-29 02:04:24 +02:00
Kim Alvefur
1ff9661412 core.portmanager: Hint at HTTP servers for conflicts over port 443
Since 443 is just as much a web port as port 80 these days, if not more.

What's with port 81 here?
2023-07-29 02:00:55 +02:00
Kim Alvefur
d47a7bb3bd core: Prefix module imports with prosody namespace 2023-03-17 16:23:07 +01:00
Jonas Schäfer
38346dd6f1 net: isolate LuaSec-specifics
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.

While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.

The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
2022-04-27 17:44:14 +02:00
Kim Alvefur
c460117e3c core.portmanager: Fix traceback on attempt to get non-existent service
If there's no such interface:port then `data` is nil and `data.service`
errors.
2022-02-22 13:41:05 +01:00
Kim Alvefur
cf5c477c8f core.portmanager: Also reload per-SNI certificates 2021-06-10 15:33:52 +02:00
Kim Alvefur
b665846031 core.portmanager: Reload direct TLS certificates after config reload
This should re-create all contexts the same way as when the service was
activated, which reloads certificates.
2021-06-10 15:30:54 +02:00
Kim Alvefur
cdb0bff7d2 core.portmanager: Factor out base TLS context creation for reuse
Thinking I can use this to reload certificates after config reload
2021-06-10 15:21:07 +02:00
Kim Alvefur
01c869407d core.portmanager: Fix race condition in initialization of SNI cert map
Under some circumstances when hosts and modules are loaded in some
certain order, entries end up missing from the SNI map. This manifests
in e.g. `curl https://localhost:5281/` giving an error about
"unrecognized name".

The `service` argument is `nil` when invoked from the "host-activated"
event, leading it to iterating over every service. And then it would not
be fetching e.g. `http_host` from the config, which explains why https
would sometimes not work due to the missing name entry.

Because when `service` is included, this limits the iteration to
matching entries, while also returning the same value as the `name` loop
variable. Because `name == service when service != nil` we can use name
instead in the body of the loop.
2021-05-28 17:09:22 +02:00
Kim Alvefur
4cd3fcfb0b core.portmanager: Use existing http_host for https SNI mapping 2021-05-05 17:54:44 +02:00
Kim Alvefur
10fc065796 core.portmanager: Allow overriding expected SNI name per service
E.g.

	VirtualHost"example.com"
	https_name = "xmpp.example.com"
2021-05-05 17:52:51 +02:00
Kim Alvefur
f638628c08 core.portmanager: Log SNI hosts, services looked for
To highlight how many these are
2021-03-02 21:47:09 +01:00
Matthew Wild
e4f830812f portmanager: Don't auto-start network services under prosodyctl 2020-02-05 17:41:40 +00:00
Kim Alvefur
c4c6a44c30 core.portmanager: Ignore unused return variable [luacheck] 2019-12-23 21:26:51 +01:00
Kim Alvefur
4614213216 core.portmanager: Complete error message for SNI TLS context problems 2019-11-30 16:40:04 +01:00
Kim Alvefur
1f33d9c6bb core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support) 2019-11-29 23:24:14 +01:00
Kim Alvefur
b65b591c7a core.portmanager: Don't set the first TLS context with a cert as main context
Don't think this works and it's apparently acceptable to require SNI these days.
2019-11-29 23:22:29 +01:00
Kim Alvefur
e3276738b3 core.portmanager: Remove unused local [luacheck] 2019-07-30 02:20:27 +02:00
Kim Alvefur
73beabd065 core.portmanager: Remove tostring call from logging
Taken care of by loggingmanager now
2019-07-30 02:19:54 +02:00
Kim Alvefur
aac3fbdf9b Merge 0.11->trunk 2019-04-24 18:06:48 +02:00
Kim Alvefur
06cf2e641a core.portmanager: Log debug message for each kind of TLS context created 2019-04-23 19:21:06 +02:00
Kim Alvefur
2878ed99a5 core.portmanager: Collect per-host certificates for SNI 2018-09-14 01:30:56 +02:00
Kim Alvefur
5313a0c5c6 core.portmanager: Record TLS config for each port 2018-10-10 17:23:03 +02:00
Kim Alvefur
59f517457b core.portmanager: Reduce scope of variable
Not sure why it was all the way out there, seems like there would have
been unexpected behaviour from that
2018-10-10 17:22:08 +02:00
Kim Alvefur
781d8a4868 core.portmanager: Use server.listen API 2018-09-13 21:17:37 +02:00
Kim Alvefur
43b814a83b various: Add annotation when an empty environment is set [luacheck] 2018-02-28 20:06:26 +01:00
Kim Alvefur
1ecc3a7918 core: Split some very long lines [luacheck] 2017-03-04 17:49:48 +01:00
Kim Alvefur
47fb0705f6 portmanager: Set default read size back to 4K 2016-05-04 15:31:32 +02:00
Kim Alvefur
0f3612a00a Merge 0.9->0.10 2016-01-11 15:33:18 +01:00
Kim Alvefur
14d035cf43 core: Increase default read size to "all of it", in practice 8K (size of LuaSocket's buffer) 2016-01-10 23:25:00 +01:00
Kim Alvefur
2458f50dca portmanager: Lower the priority of module-supplied TLS options 2015-12-08 20:12:38 +01:00
Kim Alvefur
db2152e888 portmanager: Add forward declarations 2015-04-08 00:45:26 +02:00
Kim Alvefur
27265c20e2 core.*: Remove use of module() function 2015-02-21 10:42:19 +01:00
Matthew Wild
b925d6f580 portmanager: Remove unused argument from function [luacheck] 2015-05-13 17:08:34 +01:00
Matthew Wild
36c0cf5d9d portmanager: Rename variable to avoid name conflict [luacheck] 2015-05-13 17:08:20 +01:00
Matthew Wild
4e5f5c41ae portmanager: Add luacheck annotations 2015-05-13 17:07:30 +01:00
Matthew Wild
7b3df2bae6 portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations 2015-05-06 19:20:07 +01:00
Matthew Wild
322aa3c9c3 portmanager: Remove unused import of pairs() 2015-01-20 11:31:04 +00:00
Kim Alvefur
c24bed529f core.portmanager: Simplify and take advantage of new ssl config merging in certmanager 2014-07-03 15:33:11 +02:00
Matthew Wild
27b4049481 Merge 0.9->0.10 2014-04-02 17:41:38 +01:00
Matthew Wild
5273af7c22 portmanager: Make maximum read size configurable, and default to 4KB 2014-03-30 08:44:55 +01:00
Florian Zeitz
1d833bb807 Remove all trailing whitespace 2013-08-09 17:48:21 +02:00
Kim Alvefur
99c908e11a portmanager: Also include the interface the service is listening on 2013-04-29 19:40:39 +02:00
Waqas Hussain
372de588be portmanager: Include port numbers the service is listening on in the info logs. 2013-04-29 22:03:17 +05:00
Matthew Wild
4624a05183 portmanager: import pairs() (thanks Maranda) 2013-04-05 13:06:26 +01:00
Marco Cirillo
7cd207a8f6 portmanager: add logic to allow specification of service default values for ssl config and / or overrides. 2013-04-04 23:36:30 +00:00
Matthew Wild
3e788bfa6e portmanager: Log error and fail to bind when port is invalid (not a number) 2013-03-31 12:27:28 +01:00