Kim Alvefur <zash@zash.se> [Sun, 23 Jan 2022 19:55:32 +0100] rev 12212
mod_admin_shell: Add help section about roles
As in the argument to user:create() and user:roles()
Tricky to come up with something sensible to write when Prosody core
only knows of the 'prosody:admin' role so far.
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 18:42:38 +0100] rev 12211
mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls
So that the same TLS context is used for both Direct TLS and starttls,
since they are supposed to be functionally identical apart from the few
extra round trips.
A new event is added because the 's2s-created' event fires much later,
after a connection has already been established, where we need the TLS
context before that.
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 17:59:19 +0100] rev 12210
mod_s2s: Enable outgoing Direct TLS connections
Makes it faster by cutting out the roundtrips involved in <starttls/>,
at the cost of making an additional SRV lookup.
Since we already ignore a missing <starttls/> offer and try anyway there
is not much difference in security. The fact that XMPP is used and the
hostnames involved might still be visible until the future Encrypted
ClientHello extension allows hiding those too.
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 17:57:47 +0100] rev 12209
net.connect: Allow passing TLS context from resolver
Only allowing it to be passed directly makes it hard to combine plain
(i.e. starttls) and Direct TLS connections in the same connection
resolution procedure. But now we can, using chained resolvers!
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 17:56:20 +0100] rev 12208
net.resolvers.chain: A resolver for combining other resolvers
Say if you wanted to try both _xmpp and _xmpps services
Kim Alvefur <zash@zash.se> [Thu, 20 Jan 2022 13:02:24 +0100] rev 12207
Merge 0.11->trunk
Kim Alvefur <zash@zash.se> [Thu, 20 Jan 2022 10:51:46 +0100] rev 12206
util.xml: Deduplicate handlers for restricted XML
Makes the code more like util.xmppstream, allowing easier comparisons if
we ever need to apply fixes in the future.
Kim Alvefur <zash@zash.se> [Thu, 20 Jan 2022 09:57:20 +0100] rev 12205
util.xml: Break reference to help the GC (fix #1711)
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.
Code for checking:
local xml_parse = require"util.xml".parse;
for i = 1, 10000 do xml_parse("<root/>") end
collectgarbage(); collectgarbage();
print(collectgarbage("count"), "KiB");
A future release of LuaExpat may fix the underlying issue there.
Kim Alvefur <zash@zash.se> [Wed, 19 Jan 2022 10:28:09 +0100] rev 12204
util.prosodyctl.cert: Check success of copy operations, warn on fail
Debugging a case where certs are not imported correctly but prosodyctl
still reports success. Hoping this will shed some light on it.
Kim Alvefur <zash@zash.se> [Wed, 19 Jan 2022 10:26:43 +0100] rev 12203
util.prosodyctl.cert: Pass variables via formatting instead of concatenation
Prevents potential weirdness in case there's any %s or such in a host,
file or directory name, since show_warning() is printf().