Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 17:59:19 +0100] rev 12210
mod_s2s: Enable outgoing Direct TLS connections
Makes it faster by cutting out the roundtrips involved in <starttls/>,
at the cost of making an additional SRV lookup.
Since we already ignore a missing <starttls/> offer and try anyway there
is not much difference in security. The fact that XMPP is used and the
hostnames involved might still be visible until the future Encrypted
ClientHello extension allows hiding those too.
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 17:57:47 +0100] rev 12209
net.connect: Allow passing TLS context from resolver
Only allowing it to be passed directly makes it hard to combine plain
(i.e. starttls) and Direct TLS connections in the same connection
resolution procedure. But now we can, using chained resolvers!
Kim Alvefur <zash@zash.se> [Fri, 21 Jan 2022 17:56:20 +0100] rev 12208
net.resolvers.chain: A resolver for combining other resolvers
Say if you wanted to try both _xmpp and _xmpps services
Kim Alvefur <zash@zash.se> [Thu, 20 Jan 2022 13:02:24 +0100] rev 12207
Merge 0.11->trunk
Kim Alvefur <zash@zash.se> [Thu, 20 Jan 2022 10:51:46 +0100] rev 12206
util.xml: Deduplicate handlers for restricted XML
Makes the code more like util.xmppstream, allowing easier comparisons if
we ever need to apply fixes in the future.
Kim Alvefur <zash@zash.se> [Thu, 20 Jan 2022 09:57:20 +0100] rev 12205
util.xml: Break reference to help the GC (fix #1711)
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.
Code for checking:
local xml_parse = require"util.xml".parse;
for i = 1, 10000 do xml_parse("<root/>") end
collectgarbage(); collectgarbage();
print(collectgarbage("count"), "KiB");
A future release of LuaExpat may fix the underlying issue there.
Kim Alvefur <zash@zash.se> [Wed, 19 Jan 2022 10:28:09 +0100] rev 12204
util.prosodyctl.cert: Check success of copy operations, warn on fail
Debugging a case where certs are not imported correctly but prosodyctl
still reports success. Hoping this will shed some light on it.
Kim Alvefur <zash@zash.se> [Wed, 19 Jan 2022 10:26:43 +0100] rev 12203
util.prosodyctl.cert: Pass variables via formatting instead of concatenation
Prevents potential weirdness in case there's any %s or such in a host,
file or directory name, since show_warning() is printf().
Kim Alvefur <zash@zash.se> [Tue, 18 Jan 2022 15:43:17 +0100] rev 12202
tools/xep227toprosody: Remove obsolete tool in favor of storage driver
This tool hasn't been updated for recent XEP-0227 changes, hasn't seen
many changes at all since its introduction and I don't remember anyone
mentioning ever using it.
Using mod_storage_xmlarchive and the migrator or the 3rd party
mod_migrate tool should work better these days and should be the way
forward.
Kim Alvefur <zash@zash.se> [Tue, 18 Jan 2022 11:52:35 +0100] rev 12201
core.certmanager: Use 'tls_profile' instead of 'tls_preset' to match documentation
Confusion!
Thanks Martin