Kim Alvefur
fd2785d99d
mod_s2s: Rename Direct TLS listener 's2s_direct_tls'
Following the style of other options like (c2s|s2s)_require_encryption,
s2s_secure_auth etc.
4 years ago
Kim Alvefur
702d8a9ab4
mod_s2s: Add a Direct TLS listener
Mirroring the c2s 'direct_tls'. Naming things is hard.
direct_tls_s2s_ports = { 5269+1 }
4 years ago
Kim Alvefur
c42a125cc7
mod_s2s: Handle connections having TLS from the start
This could be done with multiplexing, or a future additional port
definition.
4 years ago
Kim Alvefur
c3047df95a
mod_s2s: Factor out procedure for newly encrypted sessions
Goal is to call this if the connection is using Direct TLS, either via
multiplexing or a future Direct TLS S2S port.
4 years ago
Kim Alvefur
8bde7461c1
mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 (thanks mjk)
4 years ago
Kim Alvefur
48216c1dc8
mod_c2s,mod_s2s: Fire event just before writes
Could allow e.g. a XEP-0198 implementation to efficiently send ack
requests at optimal times without using timers or nextTick.
4 years ago
Kim Alvefur
b686dda4af
mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2s
Signals that any pending outgoing stanzas that were in the write buffer
have at least been sent off to the Kernel and maybe even sent out over
the network.
See 7a703af90c9c for mod_c2s commit
4 years ago
Kim Alvefur
fa25e086f4
mod_s2s: Clone 'extra' data to let resolvers add more to it
This way 'extra' is unique for each connect() instance, making it safer
to mutate it, while inheriting the global settings.
See 926d53af9a7a for some more context.
5 years ago
Kim Alvefur
bce7688486
mod_s2s: Handle measurement where the local host is unknown
This could happen with Dialback-only connections or others that were
missing the stream 'to' attribute.
5 years ago
Kim Alvefur
64a444e3a2
mod_s2s: Guard against missing 'to' on incoming stream
Given an incoming <stream:stream from="example.com"> this line would
have mistakenly reported the 'from' as the local host. Neither are
technically required and may be missing, especially on connections used
only for Dialback.
Outgoing connections initiated by Prosody always have 'from_host' and
'to_host', so it is safer to check it this way.
5 years ago
Kim Alvefur
6ca7b680e0
mod_s2s: Don't close connections on reload
5 years ago
Kim Alvefur
064494bbec
mod_s2s: Close connections attached to a host being deactivated
Couldn't use those with the host being deactivated.
Problem: This kicks in on reload, which isn't needed.
5 years ago
Kim Alvefur
9298e3ba8a
mod_s2s: Vary log level by remote stream error
Increases log level for stream conditions that could indicate a problem
on our end, especially programming errors like invalid XML, or the
remote server saying that our certificate is invalid, since these should
be investigated.
Non-issues like closing of idle streams are lowered to debug since it's
mostly noise.
Other issues left at info are mostly about changes to the remote server,
e.g. complete or partial shutdown.
5 years ago
Kim Alvefur
0ea107ffd0
mod_s2s: Remove connection timeout once it's no longer needed
Reduces the number of left-over timers to handle after many s2s
connections were started, leaving only the ones related to incomplete
connections.
5 years ago
Kim Alvefur
ca51cdad38
mod_s2s: Log debug message on attempted close of a connectionless session
This should probably never happen, but probably does anyways.
A debug message would show the truth of the matter.
5 years ago
Kim Alvefur
af9ecb24b8
mod_s2s: Drop level of indentation by inverting a condition and early return
Nicer to get rid of a conditional that covers such a large portion of a
pretty big function.
5 years ago
Kim Alvefur
f9912b0dd7
mod_s2s: Use module API to fire events
These direct accesses are probably more optimized, but weird when the
module API has methods for these things.
5 years ago
Kim Alvefur
ab7abe3f8c
mod_s2s: Remove duplicate method call (thanks luacheck)
Should have been removed in the previous commit.
5 years ago
Kim Alvefur
d07638c8d2
mod_s2s: Guard against LuaSec not returning TLS info here too
See previous commit to mod_c2s: a62146353528
5 years ago
Kim Alvefur
f55f6be0ff
mod_s2s: Bail if connection is destroyed after attempting to open stream
Fixes "attempt to compare number with nil" because `session.version` has
been cleared by s2smanager.destroy_session.
This can happen with the server_epoll setting opportunistic_writes
enabled, which means that it can notice that the connection failed at
this point, after which it triggers the whole chain of events that leads
to session destruction and "cleaning" most of the session fields.
5 years ago
Kim Alvefur
aa041ffa10
mod_c2s,mod_s2s: Collect stats on TLS versions and ciphers
5 years ago
Jonas Schäfer
f18e33228d
s2s et al.: Add counters for connection state transitions
5 years ago
Jonas Schäfer
b027ddcbfc
mod_s2s: Port to new OpenMetrics API
5 years ago
Kim Alvefur
8673a99a09
mod_s2s: Buffer stream error + stream closing tag
In "opportunistic writes" mode, prevents ondisconnect from happening
while writing the stream closing tag.
5 years ago
Kim Alvefur
494b53ce0b
mod_s2s: Check direction in bidi-aware style
Both session.incoming and session.outgoing are truthy here, but
session.direction indicates the "real" direction in the way that matters
for the order of events when opening or closing streams.
5 years ago
Kim Alvefur
bef26775f1
mod_s2s: Add config setting to enable DANE
5 years ago
Kim Alvefur
cd1aadb52e
mod_s2s: Clarify comment about unused TLS settings
Ref 115b5e32d960
5 years ago
Kim Alvefur
6b98a3f551
mod_s2s: Move out of empty directory
mod_s2s.lua had been all alone in there since the removal of
s2sout.lib.lua in 756b8821007a
6 years ago
Kim Alvefur
5abc2e6a5c
mod_c2s,mod_s2s: Make stanza size limits configurable
6 years ago
Kim Alvefur
d22e85debc
mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit
Since this is not a real parse error, it should not be reported as such.
6 years ago
Kim Alvefur
a7c0def27f
mod_s2s: Run stream close in async context
Allows async processing during stream shutdown. Fixes potential ASYNC-01
issues; however, no such issues were known at the time of this commit.
6 years ago
Kim Alvefur
289898e68f
mod_s2s: Improve signaling of stream open events
Makes it clearer, cleaner and easier to extend.
6 years ago
Kim Alvefur
798995ef1a
mod_s2s: Fix typo in comment [codespell]
6 years ago
Kim Alvefur
ebb79437a8
mod_s2s: Comment on the various 'reason' arguments passed to :close
6 years ago
Matthew Wild
165901fe80
mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver
6 years ago
Matthew Wild
6e108728a1
Backed out changeset 74d66b1be989 (not optimal API)
6 years ago
Matthew Wild
9782727301
mod_s2s: Pass use_ipv4/ipv6 from config to connector config
6 years ago
Kim Alvefur
ad26a3b047
mod_s2s: Remove obsolete pre-connect buffer
Originally added in c500d4cb7855
Dead code since the net.connect switch in 756b8821007a
6 years ago
Kim Alvefur
ffcb8303cc
mod_s2s: Fix name conflict introduced in c7864f970969
6 years ago
Kim Alvefur
2d5eaff749
mod_s2s: Invert condition to return early and reduce indentation
6 years ago
Kim Alvefur
9f46aa4d48
mod_s2s: Fix mistake in 28755107c2f4
6 years ago
Kim Alvefur
91415f5a71
mod_s2s: Refactor stream error handling on close
Deduplicates the 3 log calls that log the same thing but subtly
differently. The first one would say "Disconnecting localhost" and the
last one didn't log the IP.
6 years ago
Kim Alvefur
a62ff5dc64
mod_s2s: Use stanza type check instead of duck typing
6 years ago
Kim Alvefur
33ba4c2dba
mod_s2s: Improve TLS handshake error messages
This should make it clearer that it's about the TLS handshake. Otherwise
it's something like "unsupported protocol" or "no shared ciphers" that
might not be that obvious.
6 years ago
Kim Alvefur
56500e6e05
mod_s2s: Log from session logger
Helps locate all messages related to a specific session.
6 years ago
Kim Alvefur
39cc0ec451
mod_s2s: Improve log message about forbidding insecure connections
This new wording generator is nice.
6 years ago
Kim Alvefur
0fdb85997a
mod_net_multiplex: Add support for using ALPN
Potentially a bit more efficient since it can jump to the selected
protocol on connect instead of waiting for some data to look at.
Adds a 'protocol' field to net providers for this purpose.
6 years ago
Kim Alvefur
35d07425e3
mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections
I have no idea why I wrote return false in e5945fb5b71f
6 years ago
Kim Alvefur
61228e919c
mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied
This ensures the closure reason is accurate and not reported as an
authentication or other problem.
6 years ago
Kim Alvefur
976a86ee46
mod_s2s: Send stream errors for cert problems on outgoing connections
Rationale in comment.
6 years ago