Commit Graph

99 Commits (8370703ece4eef92aa1b96cc39f4886ae2af01ac)

Author SHA1 Message Date
Kim Alvefur c4d9a997e5 certmanager: Assume default config path of '.' (fixes prosodyctl check certs when not installed) 10 years ago
Matthew Wild b246855e0a certmanager: Explicitly tonumber() version number segments before doing arithmetic and avoid relying on implicit coercion (thanks David Favro) 10 years ago
Matthew Wild e169a3f1c5 certmanager: Localize tonumber 10 years ago
Kim Alvefur e70cd52ed9 certmanager: Try filename.key if certificate is set to a full filename ending with .crt 10 years ago
Kim Alvefur c607c09f92 certmanager: Apply global ssl config later so certificate/key is not overwritten by magic 10 years ago
Matthew Wild 7a87ef0b67 certmanager: Support new certificate configuration for non-XMPP services too (fixes #614) 10 years ago
Kim Alvefur e1fc04ae01 core.certmanager: Look for certificate and key in a few different places 10 years ago
Kim Alvefur e0c0cf5743 core.certmanager: Remove non-string filenames (allows setting e.g. capath to false to disable the built in default) 10 years ago
Matthew Wild c5d0345453 certmanager, net.http: Disable SSLv3 by default 11 years ago
Kim Alvefur 075278ff98 core.*: Remove use of module() function 11 years ago
Kim Alvefur 7c0ead1c91 certmanager: Fix compat for MattJ's old LuaSec fork 11 years ago
Kim Alvefur 4468490bb4 certmanager: Fix previous commit 11 years ago
Kim Alvefur 4e762a6e4d certmanager: Limit certificate chain depth to 9 11 years ago
Kim Alvefur 74f99c6bde certmanager: Options that appear to be available since LuaSec 0.2 11 years ago
Kim Alvefur 18250d87df certmanager: Improve "detection" of features that depend on LuaSec version 11 years ago
Kim Alvefur ee6f6501bd certmanager: Add locals for ssl.context and ssl.x509 11 years ago
Kim Alvefur 2b494c1a1c certmanager: Early return from the entire module if LuaSec is unavailable 11 years ago
Matthew Wild 057e6a9cab certmanager: Make global variable access explicit 11 years ago
Kim Alvefur a5fc6e29d9 certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren) 11 years ago
Kim Alvefur 9dc76115b1 certmanager: Return final ssl config along with ssl context on success 11 years ago
Kim Alvefur 4dbcfd32b3 core.certmanager: Make create_context() support an arbitrary number of option sets, merging all 12 years ago
Kim Alvefur 851f3018e7 core.certmanager: Use util.sslconfig 12 years ago
Kim Alvefur e31991a773 core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths 12 years ago
Kim Alvefur 3674d93277 certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph) 12 years ago
Kim Alvefur 84ab9b7805 certmanager: Fix traceback if no global 'ssl' section set (thanks albert) 12 years ago
Kim Alvefur c8e173e9c9 certmanager: Update ssl_compression when config is reloaded 12 years ago
Kim Alvefur 0f3d96bb85 certmanager: Reformat core ssl defaults 12 years ago
Kim Alvefur 7229a760a4 certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols 12 years ago
Kim Alvefur 01c2957f02 certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost 12 years ago
Kim Alvefur ff3d811e6a certmanager: Wrap long line and add comment 12 years ago
Kim Alvefur 6031d2cdfa certmanager: Concatenate cipher list if given as a table 12 years ago
Kim Alvefur a43c400bf8 certmanager: Allow non-server contexts to be without certificate and key 12 years ago
Kim Alvefur 5dc9451f0e certmanager: Check for non-nil values instead of true-ish values, allows removing defaults 12 years ago
Matthew Wild 2565ed535e certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. 12 years ago
Matthew Wild 5f4e34aa73 Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! 12 years ago
Matthew Wild 67a543adb0 certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) 12 years ago
Matthew Wild 84ab7c5628 certmanager: Fix order of options, so that the dynamic option is at the end of the array 12 years ago
Matthew Wild 9a43ef189a certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones 12 years ago
Kim Alvefur 1527cd447a certmanager: Disable SSLv3 by default 12 years ago
Kim Alvefur ddab347165 certmanager: Fix. Again. 12 years ago
Kim Alvefur e9b5aeb4c3 certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks) 12 years ago
Kim Alvefur dac7b39113 certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback 13 years ago
Kim Alvefur 69e2fd5d81 certmanager: Fix dhparam callback, missing imports (Testing, pfft) 13 years ago
Kim Alvefur 99ab893457 certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback 13 years ago
Matthew Wild 599f897c2a certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users. 13 years ago
Florian Zeitz 4b618a8727 Remove all trailing whitespace 13 years ago
Matthew Wild a0093f80ff certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4. 13 years ago
Matthew Wild 47a2577f26 certmanager: Add single_dh_use and single_ecdh_use to default options 13 years ago
Matthew Wild 442955c94c certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers 13 years ago
Matthew Wild b4884d7aab certmanager: Use 'curve' and 'dhparam' options from ssl config if present 13 years ago