Kim Alvefur <zash@zash.se> [Thu, 05 May 2022 14:10:59 +0200] rev 12493
mod_cron: Fix recording last task run time #1751
The type checks, they do nothing!
Observed: Tasks that were supposed to run weekly or daily were running
each hour.
Kim Alvefur <zash@zash.se> [Tue, 03 May 2022 19:36:17 +0200] rev 12492
util.prosodyctl.check: turn: Report lack of TURN services as a problem #1749
Rationale: It seems unlikely that someone who has not configured any
TURN service runs 'prosodyctl check turn' expecting this to be okay.
Kim Alvefur <zash@zash.se> [Wed, 27 Apr 2022 21:45:36 +0200] rev 12491
net.server_select: Restore dependency on LuaSec to soft for tests
server_select is used in e.g. storagemanager tests, and some of the CI
runners are lacking LuaSec, which resulted in failures.
Kim Alvefur <zash@zash.se> [Wed, 27 Apr 2022 21:34:35 +0200] rev 12490
net.tls_luasec: Harden dependency on LuaSec
We at some point decided that it was okay to have a hard dependency on
the TLS library. Especially here since this module is meant to contain
all LuaSec specifics.
Kim Alvefur <zash@zash.se> [Wed, 27 Apr 2022 21:12:25 +0200] rev 12489
Merge 0.12->trunk
Jonas Schäfer <jonas@wielicki.name> [Fri, 17 Sep 2021 21:43:54 +0200] rev 12488
mod_tls: pass target hostname to starttls
In case the network backend needs it for outgoing SNI or something.
Jonas Schäfer <jonas@wielicki.name> [Sat, 02 Apr 2022 11:18:57 +0200] rev 12487
mod_tls: tell network backend to stop reading while preparing TLS
Jonas Schäfer <jonas@wielicki.name> [Fri, 17 Sep 2021 21:18:30 +0200] rev 12486
mod_tls: Do not offer TLS if the connection is considered secure
This may be necessary if the session.conn object is not exchanged by the
network backend when establishing TLS. In that case, the starttls method
will always exist and thus that is not a good indicator for offering
TLS.
However, the secure bit already tells us that TLS has been established
or is not to be established on the connection, so we use that instead.
Jonas Schäfer <jonas@wielicki.name> [Sat, 02 Apr 2022 11:15:33 +0200] rev 12485
net: refactor sslconfig to not depend on LuaSec
This now requires that the network backend exposes a tls_builder
function, which essentially wraps the former util.sslconfig.new()
function, passing a factory to create the eventual SSL context.
That allows a net.server backend to pick whatever it likes as SSL
context factory, as long as it understands the config table passed by
the SSL config builder. Heck, a backend could even mock and replace the
entire SSL config builder API.
Jonas Schäfer <jonas@wielicki.name> [Wed, 27 Apr 2022 17:44:14 +0200] rev 12484
net: isolate LuaSec-specifics
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.