Kim Alvefur <zash@zash.se> [Sun, 23 Oct 2022 02:49:05 +0200] rev 13285
mod_saslauth: Get correct 'tls-server-end-point' with new LuaSec API
MattJ contributed new APIs for retrieving the actually used certificate
and chain to LuaSec, which are not in a release at the time of this
commit.
Matthew Wild <mwild1@gmail.com> [Wed, 07 Sep 2022 11:29:00 +0100] rev 13284
mod_c2s: Add session.ssl_cfg/ssl_ctx for direct TLS connections
Matthew Wild <mwild1@gmail.com> [Wed, 07 Sep 2022 11:26:42 +0100] rev 13283
portmanager: Expose API to get at SSL/TLS config for a given interface/port
Kim Alvefur <zash@zash.se> [Tue, 29 Jun 2021 00:22:36 +0200] rev 13282
mod_saslauth: Derive hash from certificate per tls-server-end-point
This originally used a WIP implementation of cert:sigalg(), a method to
retrieve certificate signature algorithm, but it was never submitted
upstream. https://github.com/Zash/luasec/tree/zash/sigalg
cert:getsignaturename() was merged in
https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049
XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST
Kim Alvefur <zash@zash.se> [Mon, 07 Dec 2020 19:53:26 +0100] rev 13281
mod_saslauth: Support tls-server-end-point via manually specified hash
Since this channel binding method is said to enable TLS offloading, then
you need to tell Prosody the hash (or the full cert), so this seems like a
good start.
Support is RECOMMENDED in XEP-0440 version 0.2
Kim Alvefur <zash@zash.se> [Sat, 21 Oct 2023 12:56:39 +0200] rev 13280
mod_tokenauth: Set name/description on cleanup job
Kim Alvefur <zash@zash.se> [Sat, 21 Oct 2023 12:33:55 +0200] rev 13279
mod_tokenauth: Save grant after removing expired tokens
Ensures the periodic cleanup really does remove expired tokens.
Kim Alvefur <zash@zash.se> [Mon, 09 Oct 2023 20:31:35 +0200] rev 13278
mod_tokenauth: Periodically clear out expired tokens and grants
This should ensure expired grants eventually disappear.
Kim Alvefur <zash@zash.se> [Mon, 16 Oct 2023 23:51:52 +0200] rev 13277
mod_tokenauth: Delete grants without tokens after period
Generally it is expected that a grant would have at least one token as
long as the grant is in active use.
Refresh tokens issued by mod_http_oauth2 have a lifetime of one week by
default, so the idea here is that if that refresh token expired and
another week goes by without the grant being used, then the whole grant
can be removed.
Kim Alvefur <zash@zash.se> [Mon, 09 Oct 2023 20:28:37 +0200] rev 13276
mod_tokenauth: Clear expired tokens on grant retrieval