81 commits

Author	SHA1	Message	Date
Kim Alvefur	184d6ce60b	mod_tls: Keep ssl config around and attach them to sessions	2014-11-19 14:47:49 +01:00
Kim Alvefur	ac43c71ec2	mod_legacyauth, mod_saslauth, mod_tls: Pass require_encryption as default option to s2s_require_encryption so the later overrides the former	2014-10-21 12:49:03 +02:00
Kim Alvefur	8003a40b0a	mod_lastactivity, mod_legacyauth, mod_presence, mod_saslauth, mod_tls: Use the newer stanza:get_child APIs and optimize away some table lookups	2014-07-04 22:52:34 +02:00
Kim Alvefur	4e88341951	mod_tls: Simplify and use new ssl config merging in certmanager	2014-07-03 15:35:45 +02:00
Matthew Wild	996847e180	Merge 0.9->0.10	2014-01-18 18:46:12 +00:00
Florian Zeitz	1d833bb807	Remove all trailing whitespace	2013-08-09 17:48:21 +02:00
Kim Alvefur	7c51e9ec71	mod_tls: Remove debug statement	2013-06-16 15:01:31 +02:00
Kim Alvefur	410ab5d97b	mod_tls: Let s2s_secure_auth override s2s_require_encryption and warn if they differ	2014-01-15 22:47:50 +01:00
Kim Alvefur	573c5bea61	mod_tls: Rename variables to be less confusing	2014-01-15 21:57:15 +01:00
Matthew Wild	342de92462	mod_tls: Log error when TLS initialization fails	2014-01-12 06:16:49 -05:00
Kim Alvefur	3786afa97f	mod_tls: Refactor to allow separate SSL configuration for c2s and s2s connections	2013-06-13 17:47:45 +02:00
Kim Alvefur	16c7c4e78d	mod_tls: More use of config sections removed	2013-03-23 02:35:50 +01:00
Kim Alvefur	27dc3a5b9a	mod_announce, mod_auth_anonymous, mod_c2s, mod_c2s, mod_component, mod_iq, mod_message, mod_presence, mod_tls: Access prosody.{hosts,bare_sessions,full_sessions} instead of the old globals	2013-03-23 01:27:16 +01:00
Matthew Wild	32d3713a7a	mod_tls: Fix log statement (thanks Zash)	2012-01-18 15:07:26 +00:00
Matthew Wild	2d8a08de12	mod_tls: Fix for components to more reliably inherit SSL settings from their parenthost (thanks Link Mauve)	2011-04-06 14:45:44 +01:00
Matthew Wild	2f3b7c048e	mod_tls: Drop 'TLS negotiation started for ...' to debug level from info	2011-02-22 18:29:35 +00:00
Waqas Hussain	86eb430400	mod_tls: Let hosts without an 'ssl' option inherit it from their parent hosts.	2010-11-10 02:26:18 +05:00
Matthew Wild	8e91da96f8	mod_tls: Pass the hostname rather than host session to certmanager.create_context() (thanks darkrain)	2010-11-08 03:12:30 +00:00
Matthew Wild	c6045f3c70	certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls	2010-11-06 18:28:15 +00:00
Matthew Wild	16fa172b23	mod_tls: Remove extraneous flag to starttls() for s2sout connecections	2010-07-22 13:13:28 +01:00
Matthew Wild	d16d14ade1	Merge 0.6->0.7	2010-03-24 22:34:59 +00:00
Matthew Wild	67a0c4e8db	mod_tls: Add s2s_allow_encryption option which, when set to false, disabled TLS for s2s	2010-03-24 20:00:22 +00:00
Matthew Wild	46c0b8c7f9	Merge 0.6->0.7	2010-03-22 17:24:55 +00:00
Matthew Wild	2bc0606453	Update copyright headers for 2010	2010-03-22 17:06:15 +00:00
Matthew Wild	8862e1b27e	Merge 0.6.2/waqas with 0.6.2/MattJ	2010-03-03 22:05:05 +00:00
Matthew Wild	8a18a4cc28	mod_tls: Only negotiate TLS on outgoing s2s connections if we have an SSL context (thanks Flo...)	2010-02-16 17:15:43 +00:00
Waqas Hussain	b4b0f22159	mod_tls: Ban TLS after auth, not before.	2010-02-14 10:00:39 +05:00
Waqas Hussain	3ca0b28b54	mod_tls: Fixed traceback during S2S TLS (nil global access).	2010-02-14 09:59:57 +05:00
Matthew Wild	8d64ab2d1f	mod_tls: Refactor to simplify detection of whether we can do TLS on a connection	2010-02-12 21:57:46 +00:00
Matthew Wild	f7573ef4ff	mod_tls: Don't offer TLS on hosts that don't have any certs	2010-02-12 21:33:22 +00:00
Waqas Hussain	1445574fd3	s2smanager, mod_compression, mod_tls: Changed event.session to event.origin for s2s-stream-features event for consistency.	2010-02-12 04:30:17 +05:00
Waqas Hussain	4233a8ccf5	mod_tls: Hook stream-features event using new events API.	2010-02-12 03:50:44 +05:00
Waqas Hussain	75459a7ca5	mod_tls: Cleanup.	2010-02-12 03:46:48 +05:00
Waqas Hussain	4df5e22f1e	mod_tls: Fixed an extra :up() in s2s stream feature generation.	2010-02-12 03:14:53 +05:00
Waqas Hussain	91d9bb9a66	mod_tls: Remove origin type check when TLS is requested (thanks MattJ).	2010-02-12 02:43:02 +05:00
Waqas Hussain	2bfb7b55ed	mod_tls: Respond with proper error when TLS cannot be negotiated.	2010-02-12 02:39:50 +05:00
Waqas Hussain	eeca1d016a	mod_tls: Inlined some code.	2010-02-12 02:32:27 +05:00
Waqas Hussain	23cbd2c45e	mod_tls: Merged duplicate code.	2010-02-12 02:15:54 +05:00
Waqas Hussain	9d2742cc9a	mod_tls: Switched to new events API.	2010-02-12 01:56:18 +05:00
Waqas Hussain	bdc87e4345	mod_tls: Slight refactoring.	2010-02-12 01:47:10 +05:00
Waqas Hussain	6d21bd8cf4	mod_tls: Don't advertise TLS after authentication.	2010-02-10 01:36:22 +05:00
Matthew Wild	0a591ad33a	mod_tls: Remove some redundant variable declarations	2010-01-31 15:40:28 +00:00
Matthew Wild	b870a3fe51	mod_tls: Set the sslctx on outgoing connections (possibly the cause of outgoing s2s connections not being encrypted)	2010-01-31 15:39:49 +00:00
Matthew Wild	f8a121c33b	mod_tls: Update for new server SSL syntax	2010-01-31 15:39:04 +00:00
Matthew Wild	0c333f589c	mod_tls: Set the sslctx on outgoing connections (possibly the cause of outgoing s2s connections not being encrypted)	2010-01-31 15:39:49 +00:00
Matthew Wild	d578bb8ff2	mod_tls: Switch to : syntax for connection methods	2009-11-21 17:16:46 +00:00
Matthew Wild	4bfd2f37a9	mod_tls: Don't offer TLS on hosts that don't have any certs	2010-02-12 21:33:22 +00:00
Waqas Hussain	db783f4a21	mod_tls: Fixed an extra :up() in s2s stream feature generation.	2010-02-12 03:14:53 +05:00
Waqas Hussain	2e726abc77	mod_tls: Respond with proper error when TLS cannot be negotiated.	2010-02-12 02:39:50 +05:00
Matthew Wild	a3472930c0	mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) )	2009-10-17 16:25:28 +01:00