mod_admin_shell: Add help section about roles As in the argument to user:create() and user:roles() Tricky to come up with something sensible to write when Prosody core only knows of the 'prosody:admin' role so far.

mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls So that the same TLS context is used for both Direct TLS and starttls, since they are supposed to be functionally identical apart from the few extra round trips. A new event is added because the 's2s-created' event fires much later, after a connection has already been established, where we need the TLS context before that.

mod_s2s: Enable outgoing Direct TLS connections Makes it faster by cutting out the roundtrips involved in <starttls/>, at the cost of making an additional SRV lookup. Since we already ignore a missing <starttls/> offer and try anyway there is not much difference in security. The fact that XMPP is used and the hostnames involved might still be visible until the future Encrypted ClientHello extension allows hiding those too.

net.connect: Allow passing TLS context from resolver Only allowing it to be passed directly makes it hard to combine plain (i.e. starttls) and Direct TLS connections in the same connection resolution procedure. But now we can, using chained resolvers!

net.resolvers.chain: A resolver for combining other resolvers Say if you wanted to try both _xmpp and _xmpps services

Merge 0.11->trunk

util.xml: Deduplicate handlers for restricted XML Makes the code more like util.xmppstream, allowing easier comparisons if we ever need to apply fixes in the future.

util.xml: Break reference to help the GC (fix #1711) LuaExpat uses a registry reference to track handlers, which makes it so that an upvalue like this creates a reference loop that keeps the parser and its handlers from being garbage collected. The same issue has affected util.xmppstream in the past. Code for checking: local xml_parse = require"util.xml".parse; for i = 1, 10000 do xml_parse("<root/>") end collectgarbage(); collectgarbage(); print(collectgarbage("count"), "KiB"); A future release of LuaExpat may fix the underlying issue there.

util.prosodyctl.cert: Check success of copy operations, warn on fail Debugging a case where certs are not imported correctly but prosodyctl still reports success. Hoping this will shed some light on it.

util.prosodyctl.cert: Pass variables via formatting instead of concatenation Prevents potential weirdness in case there's any %s or such in a host, file or directory name, since show_warning() is printf().