mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 05:07:42 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions
13812 commits 12 branches 100 tags 40 MiB
Commit graph

56 commits

Author SHA1 Message Date
Kim Alvefur
869581384d net: Prefix module imports with prosody namespace 2023-03-17 16:23:12 +01:00
Kim Alvefur
d257416abe net.resolvers.basic: Record hostname coming from secure SRV records 
Will be useful even later...
 2022-12-22 00:11:23 +01:00
Kim Alvefur
3c7f73e6c8 net.resolvers.service: Record DNSSEC security status of SRV records 
Will be useful later.
 2022-12-22 00:10:49 +01:00
Kim Alvefur
325464eb11 net.resolvers.service: Fix reporting of Bogus DNSSEC results 
The order of checks led to Bogus results being reported with a generic
"unable to resolve service".  This had no practical effects as such
results are simply empty and the process would stop there.

Tested by attempting to establish s2s with dnssec-bogus.sg and observing
the error reply.
 2022-12-21 23:46:37 +01:00
Kim Alvefur
62f32cd01d Revert unintentionally committed parts of 12bd40b8e105 2022-12-21 21:34:07 +01:00
Kim Alvefur
a46ae8cb89 mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits Advertisement 
Thanks MattJ
 2022-10-20 14:04:56 +02:00
Kim Alvefur
79f4868b63 net.resolvers.basic: Add opt-out argument for DNSSEC security status 
This makes explicit which lookups can accept an unsigned response.

Insecure (unsigned, as before DNSSEC) A and AAAA records can be used as
security would come from TLS, but an insecure TLSA record is worthless.
 2022-08-02 16:08:43 +02:00
Kim Alvefur
5251c9b686 compat: Remove handling of Lua 5.1 location of 'unpack' function 2022-07-11 19:07:38 +02:00
Matthew Wild
860f7d6b7d net.resolvers.basic: Fix incorrect field name (thanks CI) 2022-03-18 20:14:20 +00:00
Matthew Wild
6050cd0da5 net.resolvers.basic: Indicate to callback if we have more targets available 2022-03-18 16:13:09 +00:00
Matthew Wild
3c5d7eaef1 net.resolvers.basic: Alternate IP address family targets, per RFC 8305 2022-03-18 16:10:26 +00:00
Matthew Wild
668bd38c71 net.resolvers.basic: Refactor to remove code duplication 
...and prepare for Happy Eyeballs
 2022-03-18 16:09:22 +00:00
Matthew Wild
d26811f5e5 net.resolvers.service: Honour record 'weight' when picking SRV targets 
#NotHappyEyeballs
 2022-03-17 18:20:26 +00:00
Kim Alvefur
f31762a075 net.resolvers.chain: A resolver for combining other resolvers 
Say if you wanted to try both _xmpp and _xmpps services
 2022-01-21 17:56:20 +01:00
Kim Alvefur
e469d015af net.resolvers: Report DNSSEC validation errors instead of NoError 
Thanks Martin bringing this case to attention
 2021-12-28 14:58:09 +01:00
Kim Alvefur
96b6f68b23 net.resolvers: Report when hostname fails IDNA 
Not a particularly user-friendly error message, but better than "unable
to resolve service" and having no clue where it came from.
 2021-12-07 21:43:36 +01:00
Kim Alvefur
93121127fa net.connect: Propagate last error message from resolvers 
Previously it would only say "unable to resolve server" for all DNS
problems. While "NoError in A lookup" might not make much sense to
users, it should help in debugging more than the previous generic error.

Friendlier errors will be future work.
 2021-11-12 16:52:55 +01:00
Kim Alvefur
07ef92dbd8 net.resolvers.service: Only do DANE with secure SRV records 
If this seems backwards, that' because it is but the API isn't really
designed to easily pass along details from each resolution step onto the
next.
 2021-07-18 23:25:45 +02:00
Kim Alvefur
360eda6cd3 Revert 926d53af9a7a: Restore DANE support 
Previous commit adds a workaround, so this doesn't mutate global state
anymore, only per-connection 'extra' state as originally intended.
 2021-07-18 21:57:24 +02:00
Kim Alvefur
409c611a37 net.resolvers.basic: Fix completion condition when IPv6 is disabled 
Fixes mistake introduced in 5a71f14ab77c that made it so this ready()
newer got called and thus it would be stuck waiting for it.

Looks like the kind of thing that could have been introduced by a merge
or rebase.

Thanks MattJ
 2021-03-15 23:09:42 +01:00
Kim Alvefur
3559d707bf net.resolvers.basic: Disable DANE for now, completely broken 
Turns out 'extra' is, at least for mod_s2s, the same table for *all*
connections.
 2021-03-03 20:48:54 +01:00
Kim Alvefur
60ec880c48 net.resolvers.basic: Don't enable DANE with zero TLSA records 
Turns out it doesn't work with zero.
 2021-03-03 18:42:54 +01:00
Kim Alvefur
63c92d0897 net.connect: Add DANE support 
Disabled DANE by default, since it needs extra steps to be useful.  The
built-in DNS stub resolver does not support DNSSEC so having DANE
enabled by default only leads to an extra wasted DNS request.
 2021-03-02 22:41:59 +01:00
Matthew Wild
a2ef355d20 Merge 0.11->trunk 2020-07-10 13:01:17 +01:00
Matthew Wild
a80cdecc46 net.resolvers.basic: Default conn_type to 'tcp' consistently if unspecified (thanks marc0s) 
Fixes a traceback when passed an IP address with no conn_type.
 2020-07-10 13:00:02 +01:00
Kim Alvefur
300a9a56c5 net.resolvers: Remove FIXMEs obsoleted by switch to libunbound 2020-06-25 19:24:58 +02:00
Kim Alvefur
7b89ab9b86 net.connect: Remove TODO about use_ipv4/6 done in 3bfb20be844c 2020-06-22 01:42:18 +02:00
Kim Alvefur
dce92c437a net.resolvers.service: Fix resolving of targets with multiple IPs 
Each basic resolver was only used once and not kept around to try any
IP addresses but the first one found.
 2020-02-16 23:48:31 +01:00
Kim Alvefur
6137789b45 net.resolvers.basic: Fix continuing if IPv6 or Legacy IP is disabled 
The code expects ready() to be called twice, but with IPv4 or v6
disabled it would only be called once.
 2020-01-26 14:35:35 +01:00
Matthew Wild
d1fbb9197f net.resolvers.basic: Obey extra.use_ipv4/use_ipv6 2020-01-25 14:38:17 +00:00
Matthew Wild
b20f96afc1 net.resolvers.basic: Obey use_ipv4/use_ipv6 2020-01-25 14:03:30 +00:00
Kim Alvefur
9d5c3cb856 net.connect: Mention RFC 6724 regression 
Default Address Selection algorithm is not applied, resulting in a
strong bias towards IPv4.
 2019-12-07 17:39:29 +01:00
Kim Alvefur
40ffc88bad net.connect: Add some TODOs and FIXMEs 
And mention issue numbers: #1246, #1428 and #1429
 2019-12-07 17:05:00 +01:00
Kim Alvefur
10aa40227b Merge 0.11->trunk 2019-11-24 04:46:36 +01:00
Kim Alvefur
ae03335f0b net.resolvers.service: Pass IP literals directly to basic resolver 
IP literals will not work with SRV records anyways.

Fixes s2s with IP literals.
 2019-11-24 04:43:14 +01:00
Kim Alvefur
c3581958f7 net.resolvers.basic: Normalise IP literals, ensures net.server is happy 2019-11-24 04:41:07 +01:00
Kim Alvefur
42b9614fe2 Merge 0.11->trunk 2019-11-24 04:30:32 +01:00
Kim Alvefur
9c9722935a net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) (fixes #1459) 2019-11-24 04:26:44 +01:00
Kim Alvefur
7c056be161 net.resolvers.basic: Move IP literal check to constructor 
This is to prepare for fixing #1459. An IPv6 literal in [ ] brackets
does not pass IDNA and resolving it fails there.
 2019-11-24 04:23:51 +01:00
Kim Alvefur
2a8b031b75 net.resolvers: Fix traceback from hostname failing IDNA 
Related to #1426
 2019-11-08 00:54:56 +01:00
Kim Alvefur
9c2a74d09c net.resolvers: Abort on hostnames not passing IDNA validation 
Prevents error on trying to use nil.

Needs better error reporting in the future.
 2019-11-02 19:36:19 +01:00
Kim Alvefur
ba431b5efc net.resolvers: Apply IDNA conversion to ascii for DNS lookups (fixes #1426) 2019-11-02 19:24:26 +01:00
Kim Alvefur
03197f584d Merge 0.11->trunk 2019-11-08 00:58:03 +01:00
Kim Alvefur
690775a9b4 Merge 0.11->trunk 2019-11-02 19:38:12 +01:00
Kim Alvefur
469ce79a49 net.resolvers.service: Fix DNS fallback 2019-08-17 15:40:52 +02:00
Kim Alvefur
83e1a2af50 net.resolvers.basic: Suffix IPv4 TCP socket types with '4' to match eg 'tcp6' 2018-10-12 16:25:30 +02:00
Kim Alvefur
e8e4292dc4 net.resolvers.service: Sort SRV records in correct direction 2018-09-30 13:02:46 +02:00
Kim Alvefur
ca4804c413 net.resolvers.service: Fix sorting SRV record 2018-09-30 12:51:34 +02:00
Kim Alvefur
bb9b344fee net.resolvers.service: Rename internal variable since net.connect uses it for __tostring 2018-09-29 23:04:53 +02:00
Kim Alvefur
6dfb01673a net.resolvers.service: Add support for fallback to bare domain and default port 
The default port must be configured separately to enable this behavior
 2018-09-29 22:03:16 +02:00