112 Commits (bc3d454dd6f46292f08f4f724203de22a85800ca)

Author SHA1 Message Date
Kim Alvefur 5b0c75379e core.certmanager: Allow all non-whitespace in service name (fixes #1019) 8 years ago
Kim Alvefur fe36378134 certmanager: Check for missing certificate before key in configuration (should be marginally less confusing) 8 years ago
Kim Alvefur 9690a86204 certmanager: Set single curve conditioned on LuaSec advertising EC crypto support 8 years ago
Kim Alvefur aa6ed63bd8 certmanager: Filter out curves not supported by LuaSec 8 years ago
Kim Alvefur 30ba266c2c certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7 8 years ago
Kim Alvefur 146acdbd33 various: Add annotation when an empty environment is set [luacheck] 8 years ago
Kim Alvefur 0e2e10c17d core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1 8 years ago
Kim Alvefur dc6396df0d prosodyctl: cert import: Reuse function from certmanager for locating certificates and keys 8 years ago
Matthew Wild 415a8b2e9e certmanager: Add debug logging (thanks av6) 8 years ago
Kim Alvefur bdab24d3dc certmanager: Update the 'certificates' option after the config has been reloaded (fixes #929) 9 years ago
Kim Alvefur 710d550957 core.certmanager: Translate "no start line" to something friendlier (thanks santiago) 9 years ago
Kim Alvefur d854c36fc5 core.certmanager: Split cipher list into array with comments explaining each part 9 years ago
Kim Alvefur c4d9a997e5 certmanager: Assume default config path of '.' (fixes prosodyctl check certs when not installed) 10 years ago
Matthew Wild b246855e0a certmanager: Explicitly tonumber() version number segments before doing arithmetic and avoid relying on implicit coercion (thanks David Favro) 10 years ago
Matthew Wild e169a3f1c5 certmanager: Localize tonumber 10 years ago
Kim Alvefur e70cd52ed9 certmanager: Try filename.key if certificate is set to a full filename ending with .crt 10 years ago
Kim Alvefur c607c09f92 certmanager: Apply global ssl config later so certificate/key is not overwritten by magic 10 years ago
Matthew Wild 7a87ef0b67 certmanager: Support new certificate configuration for non-XMPP services too (fixes #614) 10 years ago
Kim Alvefur e1fc04ae01 core.certmanager: Look for certificate and key in a few different places 10 years ago
Kim Alvefur e0c0cf5743 core.certmanager: Remove non-string filenames (allows setting eg capath to false to disable the built in default) 10 years ago
Kim Alvefur 075278ff98 core.*: Remove use of module() function 11 years ago
Kim Alvefur 7c0ead1c91 certmanager: Fix compat for MattJ's old LuaSec fork 11 years ago
Kim Alvefur 4468490bb4 certmanager: Fix previous commit 11 years ago
Kim Alvefur 4e762a6e4d certmanager: Limit certificate chain depth to 9 11 years ago
Kim Alvefur 74f99c6bde certmanager: Options that appear to be available since LuaSec 0.2 11 years ago
Kim Alvefur 18250d87df certmanager: Improve "detection" of features that depend on LuaSec version 11 years ago
Kim Alvefur ee6f6501bd certmanager: Add locals for ssl.context and ssl.x509 11 years ago
Kim Alvefur 2b494c1a1c certmanager: Early return from the entire module if LuaSec is unavailable 11 years ago
Matthew Wild 057e6a9cab certmanager: Make global variable access explicit 11 years ago
Kim Alvefur a5fc6e29d9 certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren) 11 years ago
Kim Alvefur 9dc76115b1 certmanager: Return final ssl config along with ssl context on success 11 years ago
Matthew Wild c5d0345453 certmanager, net.http: Disable SSLv3 by default 11 years ago
Kim Alvefur 4dbcfd32b3 core.certmanager: Make create_context() support an arbitrary number of option sets, merging all 12 years ago
Kim Alvefur 851f3018e7 core.certmanager: Use util.sslconfig 12 years ago
Kim Alvefur e31991a773 core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths 12 years ago
Kim Alvefur 3674d93277 certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph) 12 years ago
Kim Alvefur 84ab9b7805 certmanager: Fix traceback if no global 'ssl' section set (thanks albert) 12 years ago
Kim Alvefur c8e173e9c9 certmanager: Update ssl_compression when config is reloaded 12 years ago
Kim Alvefur 0f3d96bb85 certmanager: Reformat core ssl defaults 12 years ago
Kim Alvefur 7229a760a4 certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols 12 years ago
Kim Alvefur 01c2957f02 certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost 12 years ago
Kim Alvefur ff3d811e6a certmanager: Wrap long line and add comment 12 years ago
Kim Alvefur 6031d2cdfa certmanager: Concatenate cipher list if given as a table 12 years ago
Kim Alvefur a43c400bf8 certmanager: Allow non-server contexts to be without certificate and key 12 years ago
Kim Alvefur 5dc9451f0e certmanager: Check for non-nil values instead of true-ish values, allows removing defaults 12 years ago
Matthew Wild 2565ed535e certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. 12 years ago
Matthew Wild 5f4e34aa73 Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! 12 years ago
Matthew Wild 67a543adb0 certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) 12 years ago
Matthew Wild 84ab7c5628 certmanager: Fix order of options, so that the dynamic option is at the end of the array 12 years ago
Matthew Wild 9a43ef189a certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones 12 years ago