Kim Alvefur <zash@zash.se> [Tue, 02 Aug 2022 19:26:26 +0200] rev 12606
mod_tls: Record STARTTLS state so it can be shown in Shell
This field can be viewed using s2s:show(nil, "... starttls") even
without any special support in mod_admin_shell, which can be added later
to make it nicer. One can then assume that a TLS connection with an
empty / nil starttls field means Direct TLS.
Kim Alvefur <zash@zash.se> [Tue, 02 Aug 2022 16:08:43 +0200] rev 12605
net.resolvers.basic: Add opt-out argument for DNSSEC security status
This makes explicit which lookups can accept an unsigned response.
Insecure (unsigned, as before DNSSEC) A and AAAA records can be used as
security would come from TLS, but an insecure TLSA record is worthless.
Kim Alvefur <zash@zash.se> [Fri, 29 Jul 2022 17:10:31 +0200] rev 12604
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Fri, 22 Jul 2022 19:09:50 +0200] rev 12603
mod_storage_sql: Fix summary API with Postgres (fixes #1766)
The ORDER BY and LIMIT clauses are not needed and don't even make much
sense. This part was most likely a leftover from the :find method.
Tested with sqlite and postgres 14
Kim Alvefur <zash@zash.se> [Fri, 22 Jul 2022 18:32:45 +0200] rev 12602
storage tests: Add test for the archive:summary API
Passes with memory, internal, sqlite
Fails with postgres as in #1766
Kim Alvefur <zash@zash.se> [Sun, 17 Jul 2022 17:05:28 +0200] rev 12601
mod_http_files: Log warning about legacy modules using mod_http_files
It is time. Most community modules should have been adjusted to work
with the new (net.http.files) way.
At some point this usage should be prevented.
Related to #1765
Kim Alvefur <zash@zash.se> [Wed, 27 Jul 2022 00:32:04 +0200] rev 12600
util.sasl.scram: Add 'tls-exporter' as recognised channel binding method
The last missing piece of #1760, otherwise SCRAM-SHA-*-PLUS is not
actually advertised.
Kim Alvefur <zash@zash.se> [Wed, 27 Jul 2022 00:10:08 +0200] rev 12599
Merge 0.12->trunk
Kim Alvefur <zash@zash.se> [Wed, 01 Jun 2022 15:06:59 +0200] rev 12598
mod_saslauth: Implement RFC 9266 'tls-exporter' channel binding (#1760)
Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier
channel binding method being undefined for TLS 1.3, and the increasing
deployment of TLS 1.3.
See 1bfd238e05ad and #1542
Requires future version of LuaSec, once support for this key material
export method is merged.
See https://github.com/brunoos/luasec/pull/187
Kim Alvefur <zash@zash.se> [Tue, 26 Jul 2022 23:44:33 +0200] rev 12597
mod_bookmarks: Reduce error about not having bookmarks to debug (thanks tom)
This happens if the account is new and doesn't have any bookmarks
yet, which is not a problem.
Rarely seen since most clients currently use the older version of
XEP-0084 stored in XEP-0049 rather than in PEP, but at least one
(Converse.js) does.
One scenario in which this would show up often is with Converse.js as a
guest chat using anonymous authentication, where all "accounts" would
always be new and not have any bookmarks. This scenario probably does
not need to have mod_bookmarks at all, but if enabled globally it would
likely become loaded onto the VirtualHost unless explicitly disabled.