Setting ssl.verifyext enables a callback that collects all errors from
every layer of the certificate chain. Otherwise a single string is
returned, which we did not handle before.
This allows certain session-specific code that needs to run in the async
context, but is itself triggered outside of that context (e.g. timers), to
be queued.
An example of this is the session destruction code of mod_smacks, when the
hibernation timeout is reached.
This queue is used to buffer stanzas while waiting for an outgoing s2s
connection to be established.
Limit it to prevent excessive memory usage.
Default chosen to approximate how many average stanzas fits in the
server_epoll default max_send_buffer_size of 32 MiB
Returns a custom error instead of the default core.stanza_router
"Communication with remote domains is not enabled" from is sent back,
which does not describe what is happening here.
Closes#1106
This is the time after liveness checks are performed via the respective
read-timeout event, which by default involves sending a space character
but could be overridden e.g. as is done by mod_smacks.
Only advertised, unsure what we would do with it.
This merges the mod_s2s_smacks_timeout behavior from prosody-modules
This event is fired by mod_smacks when the connection has not responded
to an ack-request for a period of time defaulting to 30 seconds,
indicating that the connection has become stuck or non-responsive.
Closing it prevents routing further messages via this connection and
frees resources. A stuck connection may otherwise remain until for a
time determined by the OS TCP subsystem, which can be quite long.
Many of these fall into a few categories:
- util.cache size, must be >= 1
- byte or item counts that logically can't be negative
- port numbers that should be in 1..0xffff
The (still not published) XEP-xxxx: Stream Limits Advertisement uses the
element <max-bytes/> to advertise the maximum octet size of top level
stream elements. "size" was probably a leftover of an even earlier
version of the (Proto)XEP.
Could be used to implement custom connection methods (c.f. mod_onions)
without needing to duplicate the rest of route_to_new_session().
Adds a feature to enable detection since it can be difficult to detect
support for an event otherwise.
This change ensures we have positively verified the certificates of the server
we are connecting to before marking the session as authenticated. It protects
against situations where the verify-or-close stage of the connection was
interrupted (e.g. due to an uncaught error).
Thanks to Zash for discovery and testing.
Ensures unavailable presence and other outgoing stanzas are sent.
Waiting for c2s sessions to close first before proceeding to disable and
close s2s ensures that unavailable presence can go out, even if it
requires dialback to complete first.
Having mod_s2s know about the bidi namespace is perhaps a bit awkward
but putting this in mod_s2s_bidi would be more awkward as it has nothing
to do with limits. Some indirection event could be added in the future.
These options have been specified (and enabled) in the default config file for
a long time. However if unspecified in the config, they were not enabled. Now
they are.
This may result in a change of behaviour for people using very old config
files that lack the require_encryption options. But that's what we want.
Just dropping them isn't great but hopefully something more sensible can
be done in the future.
Will need work to ensure that this signal is handled correctly in
sending modules etc.
This field can be viewed using s2s:show(nil, "... starttls") even
without any special support in mod_admin_shell, which can be added later
to make it nicer. One can then assume that a TLS connection with an
empty / nil starttls field means Direct TLS.
The check for the type attr was lost in 11765f0605ec leading to attempts
to create error replies for error stanzas, which util.stanza rejects.
Tested by sending
<message to="reject.badxmpp.eu" type="error"><error/></message>
which produced a traceback previously.
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
Otherwise it would just report "is not trusted" unless you inspect the
logs. This message is sent to to the remote server, and will hopefully
show up in their logs, allowing the admin to fix their DANE setup.
This is the "right" thing to do. Strings were more memory-efficient, but
e.g. bypassed stanza filters at reconnection time. Also not being stanzas
prevents us from potential future work, such as merging sendq with mod_smacks.
Regarding performance: we should counter the probable negative effect of this
change with other positive changes that are desired anyway - e.g. a limit on
the size of the sendq, improved in-memory representation of stanzas, s2s
backoff (e.g. if a remote server is persistently unreachable, cache this
failure for a while and don't just keep forever queuing stanzas for it).
So that the same TLS context is used for both Direct TLS and starttls,
since they are supposed to be functionally identical apart from the few
extra round trips.
A new event is added because the 's2s-created' event fires much later,
after a connection has already been established, where we need the TLS
context before that.
Makes it faster by cutting out the roundtrips involved in <starttls/>,
at the cost of making an additional SRV lookup.
Since we already ignore a missing <starttls/> offer and try anyway there
is not much difference in security. The fact that XMPP is used and the
hostnames involved might still be visible until the future Encrypted
ClientHello extension allows hiding those too.
`reason` was often a table, so the log said "table: 0xptr" or such.
mod_c2s, mod_bosh etc logs the stream error stanza object, so better do
the same. It would be nicer if this was an util.error object, but that
will have to be a future change.
