73 commits

Author	SHA1	Message	Date
Florian Zeitz	1d833bb807	Remove all trailing whitespace	2013-08-09 17:48:21 +02:00
Kim Alvefur	7c51e9ec71	mod_tls: Remove debug statement	2013-06-16 15:01:31 +02:00
Kim Alvefur	3786afa97f	mod_tls: Refactor to allow separate SSL configuration for c2s and s2s connections	2013-06-13 17:47:45 +02:00
Kim Alvefur	16c7c4e78d	mod_tls: More use of config sections removed	2013-03-23 02:35:50 +01:00
Kim Alvefur	27dc3a5b9a	mod_announce, mod_auth_anonymous, mod_c2s, mod_c2s, mod_component, mod_iq, mod_message, mod_presence, mod_tls: Access prosody.{hosts,bare_sessions,full_sessions} instead of the old globals	2013-03-23 01:27:16 +01:00
Matthew Wild	32d3713a7a	mod_tls: Fix log statement (thanks Zash)	2012-01-18 15:07:26 +00:00
Matthew Wild	2d8a08de12	mod_tls: Fix for components to more reliably inherit SSL settings from their parenthost (thanks Link Mauve)	2011-04-06 14:45:44 +01:00
Matthew Wild	2f3b7c048e	mod_tls: Drop 'TLS negotiation started for ...' to debug level from info	2011-02-22 18:29:35 +00:00
Waqas Hussain	86eb430400	mod_tls: Let hosts without an 'ssl' option inherit it from their parent hosts.	2010-11-10 02:26:18 +05:00
Matthew Wild	8e91da96f8	mod_tls: Pass the hostname rather than host session to certmanager.create_context() (thanks darkrain)	2010-11-08 03:12:30 +00:00
Matthew Wild	c6045f3c70	certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls	2010-11-06 18:28:15 +00:00
Matthew Wild	16fa172b23	mod_tls: Remove extraneous flag to starttls() for s2sout connecections	2010-07-22 13:13:28 +01:00
Matthew Wild	d16d14ade1	Merge 0.6->0.7	2010-03-24 22:34:59 +00:00
Matthew Wild	67a0c4e8db	mod_tls: Add s2s_allow_encryption option which, when set to false, disabled TLS for s2s	2010-03-24 20:00:22 +00:00
Matthew Wild	46c0b8c7f9	Merge 0.6->0.7	2010-03-22 17:24:55 +00:00
Matthew Wild	2bc0606453	Update copyright headers for 2010	2010-03-22 17:06:15 +00:00
Matthew Wild	8862e1b27e	Merge 0.6.2/waqas with 0.6.2/MattJ	2010-03-03 22:05:05 +00:00
Matthew Wild	8a18a4cc28	mod_tls: Only negotiate TLS on outgoing s2s connections if we have an SSL context (thanks Flo...)	2010-02-16 17:15:43 +00:00
Waqas Hussain	b4b0f22159	mod_tls: Ban TLS after auth, not before.	2010-02-14 10:00:39 +05:00
Waqas Hussain	3ca0b28b54	mod_tls: Fixed traceback during S2S TLS (nil global access).	2010-02-14 09:59:57 +05:00
Matthew Wild	8d64ab2d1f	mod_tls: Refactor to simplify detection of whether we can do TLS on a connection	2010-02-12 21:57:46 +00:00
Matthew Wild	f7573ef4ff	mod_tls: Don't offer TLS on hosts that don't have any certs	2010-02-12 21:33:22 +00:00
Waqas Hussain	1445574fd3	s2smanager, mod_compression, mod_tls: Changed event.session to event.origin for s2s-stream-features event for consistency.	2010-02-12 04:30:17 +05:00
Waqas Hussain	4233a8ccf5	mod_tls: Hook stream-features event using new events API.	2010-02-12 03:50:44 +05:00
Waqas Hussain	75459a7ca5	mod_tls: Cleanup.	2010-02-12 03:46:48 +05:00
Waqas Hussain	4df5e22f1e	mod_tls: Fixed an extra :up() in s2s stream feature generation.	2010-02-12 03:14:53 +05:00
Waqas Hussain	91d9bb9a66	mod_tls: Remove origin type check when TLS is requested (thanks MattJ).	2010-02-12 02:43:02 +05:00
Waqas Hussain	2bfb7b55ed	mod_tls: Respond with proper error when TLS cannot be negotiated.	2010-02-12 02:39:50 +05:00
Waqas Hussain	eeca1d016a	mod_tls: Inlined some code.	2010-02-12 02:32:27 +05:00
Waqas Hussain	23cbd2c45e	mod_tls: Merged duplicate code.	2010-02-12 02:15:54 +05:00
Waqas Hussain	9d2742cc9a	mod_tls: Switched to new events API.	2010-02-12 01:56:18 +05:00
Waqas Hussain	bdc87e4345	mod_tls: Slight refactoring.	2010-02-12 01:47:10 +05:00
Waqas Hussain	6d21bd8cf4	mod_tls: Don't advertise TLS after authentication.	2010-02-10 01:36:22 +05:00
Matthew Wild	0a591ad33a	mod_tls: Remove some redundant variable declarations	2010-01-31 15:40:28 +00:00
Matthew Wild	b870a3fe51	mod_tls: Set the sslctx on outgoing connections (possibly the cause of outgoing s2s connections not being encrypted)	2010-01-31 15:39:49 +00:00
Matthew Wild	f8a121c33b	mod_tls: Update for new server SSL syntax	2010-01-31 15:39:04 +00:00
Matthew Wild	0c333f589c	mod_tls: Set the sslctx on outgoing connections (possibly the cause of outgoing s2s connections not being encrypted)	2010-01-31 15:39:49 +00:00
Matthew Wild	d578bb8ff2	mod_tls: Switch to : syntax for connection methods	2009-11-21 17:16:46 +00:00
Matthew Wild	4bfd2f37a9	mod_tls: Don't offer TLS on hosts that don't have any certs	2010-02-12 21:33:22 +00:00
Waqas Hussain	db783f4a21	mod_tls: Fixed an extra :up() in s2s stream feature generation.	2010-02-12 03:14:53 +05:00
Waqas Hussain	2e726abc77	mod_tls: Respond with proper error when TLS cannot be negotiated.	2010-02-12 02:39:50 +05:00
Matthew Wild	a3472930c0	mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) )	2009-10-17 16:25:28 +01:00
Matthew Wild	ed822f1ef0	mod_tls: Don't try to start TLS if we can't actually do it (thanks Florob)	2009-10-09 17:48:45 +01:00
Matthew Wild	fd3ddd9222	mod_tls: Catch s2s-stream-features and add starttls feature if possible	2009-10-08 23:41:59 +01:00
Matthew Wild	f13dfe04be	mod_tls: Mark sessions as not secure when negotiating outward TLS, so they get marked secure later. Fixes missing (encrypted) for outgoing sessions in s2s:show(). Thanks albert, McKael :)	2009-10-06 10:34:13 +01:00
Matthew Wild	9ea966ae38	mod_tls: require_s2s_encryption -> s2s_require_encryption	2009-10-05 15:00:05 +01:00
Matthew Wild	de057a2b2b	require_encryption deprecated, use c2s_require_encryption instead	2009-10-05 14:59:30 +01:00
Matthew Wild	57d6a05e83	mod_tls: Mark starttls feature as <required/> if require_s2s_encryption is enabled	2009-10-05 14:52:30 +01:00
Matthew Wild	6e6adedce2	mod_tls: Mark session as not secure before negotiating TLS	2009-10-05 14:51:53 +01:00
Matthew Wild	0737347176	mod_tls: Only advertise TLS if the server told us which host they are connecting to	2009-10-05 10:10:53 +01:00