mod_saslauth: Get correct 'tls-server-end-point' with new LuaSec API MattJ contributed new APIs for retrieving the actually used certificate and chain to LuaSec, which are not in a release at the time of this commit.

mod_c2s: Add session.ssl_cfg/ssl_ctx for direct TLS connections

portmanager: Expose API to get at SSL/TLS config for a given interface/port

mod_saslauth: Derive hash from certificate per tls-server-end-point This originally used a WIP implementation of cert:sigalg(), a method to retrieve certificate signature algorithm, but it was never submitted upstream. https://github.com/Zash/luasec/tree/zash/sigalg cert:getsignaturename() was merged in https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049 XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST

mod_saslauth: Support tls-server-end-point via manually specified hash Since this channel binding method is said to enable TLS offloading then you need tell Prosody the hash (or the full cert), so this seems like a good start. Support is RECOMMENDED in XEP-0440 version 0.2

mod_tokenauth: Set name/description on cleanup job

mod_tokenauth: Save grant after removing expired tokens Ensures the periodic cleanup really does remove expired tokens.

mod_tokenauth: Periodically clear out expired tokens and grants This should ensure expired grants eventually disappear.

mod_tokenauth: Delete grants without tokens after period Generally it is expected that a grant would have at least one token as long as the grant is in active use. Refresh tokens issued by mod_http_oauth2 have a lifetime of one week by default, so the idea here is that if that refresh token expired and another week goes by without the grant being used, then the whole grant can be removed.

mod_tokenauth: Clear expired tokens on grant retrieval