This is a new API that should be used in preference to http.destroy_request()
when possible, as it ensures the callback is always called (with an error of
course).
APIs that have edge-cases where they don't call callbacks have, from experience,
shown to be difficult to work with and often lead to unintentional leaks when
the callback was expected to free up certain resources.
The stanza-id added during archiving looks exactly like what should be
stripped, so the stripping must happen before archiving.
Getting priorities right is hard!
Also no test coverage yet.
27f5db07bec9 fixed this wrong. The code is supposed to check if the
stanza is NOT sent to your bare JID. A MUC PM is always sent to your
full JID. Hopefully nobody sends MUC invites to full JIDs, because those
would be skipped by this as well.
Backport of 94e341dee51c
The original intent of having kEDH before kEECDH was that if a `dhparam`
file was specified, this would be interpreted as a preference by the
admin for old and well-tested Diffie-Hellman key agreement over newer
elliptic curve ones. Otherwise the faster elliptic curve ciphersuites
would be preferred. This didn't really work as intended since this
affects the ClientHello on outgoing s2s connections, leading to some
servers using poorly configured kEDH.
With Debian shipping OpenSSL settings that enforce a higher security
level, this caused interoperability problems with servers that use DH
params smaller than 2048 bits. E.g. jabber.org at the time of this
writing has 1024 bit DH params.
MattJ says
> Curves have won, and OpenSSL is less weird about them now
This makes
`prosodyctl cert import example.com /path/to/example.com/fullchain.pem`
work. This was never intended to, yet users commonly tried this and got
problems.
The LuaSec :info() method gathers info using the OpenSSL function
SSL_get_current_cipher(). Documentation for this function states that it
may return NULL if no session has been established (yet). If so, the
LuaSec functions wrapping this return nil, triggering a nil-indexing
error in mod_admin_telnet.
This lets Prosody handle socket related work between each step in the
cleanup in order to prevent the server from being completely blocked
during this.
An async storage backend would not need this but those are currently
rare.
Some lines seem to have gotten the wrong indentation, possibly caused by
Meld which often ignores lines with only whitespace changes and leaves
their previous indentation.
The 'store' path componend used to be unescaped until 756a2a00e7e7 added
escaping to address issues with characters like '/' used in PEP, but
with a special case for '_' which was already in common use in 'store'
path components.
Missed adding this escaping here.
