mod_s2s: Enable outgoing Direct TLS connections Makes it faster by cutting out the roundtrips involved in <starttls/>, at the cost of making an additional SRV lookup. Since we already ignore a missing <starttls/> offer and try anyway there is not much difference in security. The fact that XMPP is used and the hostnames involved might still be visible until the future Encrypted ClientHello extension allows hiding those too.

net.connect: Allow passing TLS context from resolver Only allowing it to be passed directly makes it hard to combine plain (i.e. starttls) and Direct TLS connections in the same connection resolution procedure. But now we can, using chained resolvers!

net.resolvers.chain: A resolver for combining other resolvers Say if you wanted to try both _xmpp and _xmpps services

Merge 0.11->trunk

util.xml: Deduplicate handlers for restricted XML Makes the code more like util.xmppstream, allowing easier comparisons if we ever need to apply fixes in the future.

util.xml: Break reference to help the GC (fix #1711) LuaExpat uses a registry reference to track handlers, which makes it so that an upvalue like this creates a reference loop that keeps the parser and its handlers from being garbage collected. The same issue has affected util.xmppstream in the past. Code for checking: local xml_parse = require"util.xml".parse; for i = 1, 10000 do xml_parse("<root/>") end collectgarbage(); collectgarbage(); print(collectgarbage("count"), "KiB"); A future release of LuaExpat may fix the underlying issue there.

util.prosodyctl.cert: Check success of copy operations, warn on fail Debugging a case where certs are not imported correctly but prosodyctl still reports success. Hoping this will shed some light on it.

util.prosodyctl.cert: Pass variables via formatting instead of concatenation Prevents potential weirdness in case there's any %s or such in a host, file or directory name, since show_warning() is printf().

tools/xep227toprosody: Remove obsolete tool in favor of storage driver This tool hasn't been updated for recent XEP-0227 changes, hasn't seen many changes at all since its introduction and I don't remember anyone mentioning ever using it. Using mod_storage_xmlarchive and the migrator or the 3rd party mod_migrate tool should work better these days and should be the way forward.

core.certmanager: Use 'tls_profile' instead of 'tls_preset' to match documentation Confusion! Thanks Martin