| Sat, 22 Nov 2014 11:51:54 +0100 |
Kim Alvefur |
certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren)
|
file |
diff |
annotate
|
| Wed, 19 Nov 2014 14:47:03 +0100 |
Kim Alvefur |
certmanager: Return final ssl config along with ssl context on success
|
file |
diff |
annotate
|
| Sun, 26 Oct 2014 20:57:06 +0100 |
Kim Alvefur |
Merge 0.9->0.10
|
file |
diff |
annotate
|
| Tue, 14 Oct 2014 18:55:08 +0100 |
Matthew Wild |
certmanager, net.http: Disable SSLv3 by default
0.9.6
|
file |
diff |
annotate
|
| Thu, 03 Jul 2014 15:32:26 +0200 |
Kim Alvefur |
core.certmanager: Make create_context() support an arbitrary number of option sets, merging all
|
file |
diff |
annotate
|
| Thu, 03 Jul 2014 15:31:12 +0200 |
Kim Alvefur |
core.certmanager: Use util.sslconfig
|
file |
diff |
annotate
|
| Fri, 09 May 2014 19:35:29 +0200 |
Kim Alvefur |
core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths
|
file |
diff |
annotate
|
| Mon, 21 Apr 2014 02:43:09 +0200 |
Kim Alvefur |
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)
|
file |
diff |
annotate
|
| Sun, 20 Apr 2014 21:25:26 +0200 |
Kim Alvefur |
certmanager: Fix traceback if no global 'ssl' section set (thanks albert)
|
file |
diff |
annotate
|
| Tue, 15 Apr 2014 01:02:56 +0200 |
Kim Alvefur |
certmanager: Update ssl_compression when config is reloaded
|
file |
diff |
annotate
|
| Tue, 15 Apr 2014 00:49:17 +0200 |
Kim Alvefur |
certmanager: Reformat core ssl defaults
|
file |
diff |
annotate
|
| Tue, 15 Apr 2014 00:45:07 +0200 |
Kim Alvefur |
certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols
|
file |
diff |
annotate
|
| Tue, 15 Apr 2014 00:32:11 +0200 |
Kim Alvefur |
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost
|
file |
diff |
annotate
|
| Mon, 14 Apr 2014 23:41:26 +0200 |
Kim Alvefur |
certmanager: Wrap long line and add comment
|
file |
diff |
annotate
|
| Mon, 14 Apr 2014 23:34:35 +0200 |
Kim Alvefur |
certmanager: Concatenate cipher list if given as a table
|
file |
diff |
annotate
|
| Mon, 14 Apr 2014 23:09:28 +0200 |
Kim Alvefur |
certmanager: Allow non-server contexts to be without certificate and key
|
file |
diff |
annotate
|
| Mon, 14 Apr 2014 23:00:44 +0200 |
Kim Alvefur |
certmanager: Check for non-nil values instead of true-ish values, allows removing defaults
|
file |
diff |
annotate
|
| Thu, 21 Nov 2013 02:14:23 +0000 |
Matthew Wild |
Merge 0.9->0.10
|
file |
diff |
annotate
|
| Thu, 21 Nov 2013 02:11:09 +0000 |
Matthew Wild |
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys.
|
file |
diff |
annotate
|
| Tue, 12 Nov 2013 02:23:02 +0000 |
Matthew Wild |
Merge 0.9->0.10
|
file |
diff |
annotate
|
| Tue, 12 Nov 2013 02:13:01 +0000 |
Matthew Wild |
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
|
file |
diff |
annotate
|
| Sun, 10 Nov 2013 18:49:34 +0000 |
Matthew Wild |
Merge 0.9->0.10
|
file |
diff |
annotate
|
| Sun, 10 Nov 2013 18:46:48 +0000 |
Matthew Wild |
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES)
|
file |
diff |
annotate
|
| Sat, 09 Nov 2013 18:36:32 +0000 |
Matthew Wild |
Merge 0.9->0.10
|
file |
diff |
annotate
|
| Sat, 09 Nov 2013 17:54:21 +0000 |
Matthew Wild |
certmanager: Fix order of options, so that the dynamic option is at the end of the array
|
file |
diff |
annotate
|
| Sat, 09 Nov 2013 17:50:19 +0000 |
Matthew Wild |
certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones
|
file |
diff |
annotate
|
| Thu, 31 Oct 2013 20:47:57 +0100 |
Kim Alvefur |
Merge 0.9 -> 0.10
|
file |
diff |
annotate
|
| Thu, 31 Oct 2013 19:00:36 +0100 |
Kim Alvefur |
certmanager: Disable SSLv3 by default
|
file |
diff |
annotate
|
| Tue, 15 Oct 2013 10:47:34 +0200 |
Kim Alvefur |
certmanager: Fix. Again.
|
file |
diff |
annotate
|
| Tue, 15 Oct 2013 01:37:16 +0200 |
Kim Alvefur |
certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks)
|
file |
diff |
annotate
|
| Tue, 03 Sep 2013 15:43:59 +0200 |
Kim Alvefur |
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
|
file |
diff |
annotate
|
| Tue, 03 Sep 2013 13:43:39 +0200 |
Kim Alvefur |
Merge 0.9->trunk
|
file |
diff |
annotate
|
| Tue, 03 Sep 2013 13:40:29 +0200 |
Kim Alvefur |
certmanager: Fix dhparam callback, missing imports (Testing, pfft)
0.9.1
|
file |
diff |
annotate
|
| Tue, 03 Sep 2013 12:32:18 +0100 |
Matthew Wild |
Merge 0.9->trunk
|
file |
diff |
annotate
|
| Tue, 03 Sep 2013 13:13:31 +0200 |
Kim Alvefur |
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
|
file |
diff |
annotate
|
| Tue, 03 Sep 2013 12:11:11 +0100 |
Matthew Wild |
certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users.
|
file |
diff |
annotate
|
| Fri, 09 Aug 2013 17:48:21 +0200 |
Florian Zeitz |
Remove all trailing whitespace
|
file |
diff |
annotate
|
| Sat, 13 Jul 2013 13:17:53 +0100 |
Matthew Wild |
Merge 0.9->trunk
|
file |
diff |
annotate
|
| Sat, 13 Jul 2013 13:15:24 +0100 |
Matthew Wild |
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
|
file |
diff |
annotate
|
| Thu, 13 Jun 2013 17:44:42 +0200 |
Kim Alvefur |
certmanager: Overhaul of how ssl configs are built.
|
file |
diff |
annotate
|
| Thu, 13 Jun 2013 00:46:29 +0100 |
Matthew Wild |
Merge 0.9->trunk
|
file |
diff |
annotate
|
| Thu, 13 Jun 2013 00:45:41 +0100 |
Matthew Wild |
certmanager: Add single_dh_use and single_ecdh_use to default options
|
file |
diff |
annotate
|
| Thu, 13 Jun 2013 00:09:56 +0100 |
Matthew Wild |
Merge 0.9->trunk
|
file |
diff |
annotate
|
| Thu, 13 Jun 2013 00:04:04 +0100 |
Matthew Wild |
certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers
|
file |
diff |
annotate
|
| Tue, 11 Jun 2013 21:50:41 +0100 |
Matthew Wild |
Merge 0.9->trunk
|
file |
diff |
annotate
|
| Tue, 11 Jun 2013 21:44:53 +0100 |
Matthew Wild |
certmanager: Use 'curve' and 'dhparam' options from ssl config if present
|
file |
diff |
annotate
|
| Fri, 07 Jun 2013 20:55:02 +0200 |
Kim Alvefur |
certmanager: Complain if key or certificate is missing from SSL config.
|
file |
diff |
annotate
|
| Wed, 22 May 2013 14:32:02 +0100 |
Matthew Wild |
certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x)
|
file |
diff |
annotate
|
| Sat, 23 Mar 2013 02:33:15 +0100 |
Kim Alvefur |
core.*: Complete removal of all traces of the "core" section and section-related code.
|
file |
diff |
annotate
|
| Mon, 07 Jan 2013 02:17:07 +0100 |
Kim Alvefur |
certmanager: Fix nil index if no LuaSec available
|
file |
diff |
annotate
|
| Fri, 28 Dec 2012 15:00:43 +0100 |
Kim Alvefur |
core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg
|
file |
diff |
annotate
|
| Mon, 23 Jul 2012 16:42:26 +0100 |
Matthew Wild |
certmanager: Remove unused import of setmetatable
|
file |
diff |
annotate
|
| Mon, 23 Jul 2012 16:39:49 +0100 |
Matthew Wild |
certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON)
|
file |
diff |
annotate
|
| Mon, 23 Jul 2012 14:17:42 +0100 |
Matthew Wild |
certmanager: Fix traceback for missing LuaSec (thanks Link Mauve)
|
file |
diff |
annotate
|
| Tue, 12 Jun 2012 17:02:35 +0500 |
Waqas Hussain |
certmanager: Add quotes around cert file path when logging.
|
file |
diff |
annotate
|
| Sat, 19 May 2012 21:57:40 +0100 |
Matthew Wild |
certmanager: tonumber() (fix for 0b8134015635)
|
file |
diff |
annotate
|
| Sat, 19 May 2012 21:53:43 +0100 |
Matthew Wild |
certmanager: Don't use no_ticket option before LuaSec 0.4
|
file |
diff |
annotate
|
| Fri, 18 May 2012 01:50:51 +0100 |
Matthew Wild |
certmanager: no_ticket is not a verification option (thanks Zash)
|
file |
diff |
annotate
|
| Fri, 18 May 2012 00:31:23 +0100 |
Matthew Wild |
certmanager: Add no_ticket option for OpenSSL (we don't support resumption yet)
|
file |
diff |
annotate
|
| Fri, 11 May 2012 20:24:15 +0100 |
Matthew Wild |
certmanager: Adjust error messages to be non-specific about 'host' (so we can specify a service name instead ffor SSL)
|
file |
diff |
annotate
|
| Sat, 21 Apr 2012 23:11:59 +0200 |
Kim Alvefur |
core.certmanager: Log a message when a password is required but not supplied. fixes #214
|
file |
diff |
annotate
|
| Tue, 01 Nov 2011 23:57:42 +0500 |
Waqas Hussain |
certmanager: More informative logging.
|
file |
diff |
annotate
|
| Thu, 25 Aug 2011 12:09:16 +0500 |
Waqas Hussain |
certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option.
|
file |
diff |
annotate
|
| Sun, 28 Nov 2010 21:09:55 +0000 |
Matthew Wild |
certmanager: Add required verify flags for cert verification if LuaSec (probably) supports them
|
file |
diff |
annotate
|
| Wed, 10 Nov 2010 19:46:53 +0000 |
Matthew Wild |
prosody, configmanager, certmanager: Relocate prosody.resolve_relative_path() to configmanager, and update certmanager (the only user of this function)
|
file |
diff |
annotate
|
| Sat, 06 Nov 2010 18:28:15 +0000 |
Matthew Wild |
certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls
|
file |
diff |
annotate
|
| Sat, 16 Oct 2010 23:00:42 +0500 |
Waqas Hussain |
Monster whitespace commit (beware the whitespace monster).
|
file |
diff |
annotate
|
| Fri, 23 Jul 2010 23:14:50 +0500 |
Waqas Hussain |
prosody.resolve_relative_path: Updated to take a parent path to resolve against.
|
file |
diff |
annotate
|
| Fri, 23 Jul 2010 09:22:27 +0100 |
Matthew Wild |
Merge 0.7->trunk
|
file |
diff |
annotate
|
| Fri, 23 Jul 2010 09:17:11 +0100 |
Matthew Wild |
certmanager: Don't disable LuaSec and future cert loading on failure, and add error messages to the no LuaSec/config cases (thanks Jakob)
|
file |
diff |
annotate
|
| Thu, 15 Jul 2010 08:27:56 +0100 |
Matthew Wild |
Merge with backout
|
file |
diff |
annotate
|
| Thu, 15 Jul 2010 08:25:50 +0100 |
Matthew Wild |
Backed out changeset 598c33a99a31 (already fixed a better way)
|
file |
diff |
annotate
|
| Wed, 14 Jul 2010 16:24:15 +0100 |
Matthew Wild |
certmanager: Fix to handle the case of no SSL configuration at all
|
file |
diff |
annotate
|
| Thu, 15 Jul 2010 11:28:31 +0500 |
Waqas Hussain |
certmanager: Added copyright header.
|
file |
diff |
annotate
|
| Thu, 15 Jul 2010 11:28:14 +0500 |
Waqas Hussain |
certmanager: Defined default_capath to prevent a global nil access.
|
file |
diff |
annotate
|
| Thu, 15 Jul 2010 11:25:41 +0500 |
Waqas Hussain |
certmanager: Use an empty table as the default ssl config when a global 'ssl' config option isn't specified (fixes a top-level traceback on startup).
|
file |
diff |
annotate
|
| Tue, 13 Jul 2010 15:28:52 +0100 |
Matthew Wild |
certmanager: Remove debug logging accidentally committed
|
file |
diff |
annotate
|
| Tue, 13 Jul 2010 13:56:14 +0100 |
Matthew Wild |
certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
|
file |
diff |
annotate
|
| Fri, 05 Mar 2010 15:00:11 +0000 |
Matthew Wild |
certmanager: Friendlier error reporting on OpenWRT and other cases where we don't understand the OpenSSL error
|
file |
diff |
annotate
|
| Fri, 05 Mar 2010 14:49:56 +0000 |
Matthew Wild |
certmanager: Fix nil global access (thanks Marc)
|
file |
diff |
annotate
|
| Mon, 01 Mar 2010 18:52:47 +0000 |
Matthew Wild |
certmanager: Fix global access
|
file |
diff |
annotate
|
| Sat, 13 Feb 2010 16:12:53 +0000 |
Matthew Wild |
Merge with 0.7
|
file |
diff |
annotate
|
| Sat, 13 Feb 2010 16:12:21 +0000 |
Matthew Wild |
certmanager: Bring back the friendly errors when failing to load the key/certificate file
|
file |
diff |
annotate
|
| Sat, 13 Feb 2010 16:08:43 +0000 |
Matthew Wild |
certmanager, hostmanager: Rename get_context() to create_context() to be more explicit about what it does
|
file |
diff |
annotate
|
| Fri, 05 Feb 2010 14:31:25 +0000 |
Matthew Wild |
certmanager: Fix traceback with no LuaSec
|
file |
diff |
annotate
|
| Fri, 05 Feb 2010 14:22:48 +0000 |
Matthew Wild |
certmanager: Tabs not spaces!
|
file |
diff |
annotate
|
| Sun, 31 Jan 2010 17:22:59 +0000 |
Matthew Wild |
certmanager: Hello world, I'm come to manage your SSL contexts
|
file |
diff |
annotate
|