Kim Alvefur <zash@zash.se> [Thu, 22 Dec 2022 00:13:37 +0100] rev 12820
mod_s2s_auth_certs: Validate certificates against secure SRV targets
Secure delegation or "Mini-DANE"
As with the existing DANE support, only usable in one direction, client
certificate authentication will fail if this is relied on.
Kim Alvefur <zash@zash.se> [Thu, 22 Dec 2022 00:11:23 +0100] rev 12819
net.resolvers.basic: Record hostname coming from secure SRV records
Will be useful even later...
Kim Alvefur <zash@zash.se> [Thu, 22 Dec 2022 00:10:49 +0100] rev 12818
net.resolvers.service: Record DNSSEC security status of SRV records
Will be useful later.
Kim Alvefur <zash@zash.se> [Wed, 21 Dec 2022 23:46:37 +0100] rev 12817
net.resolvers.service: Fix reporting of Bogus DNSSEC results
The order of checks led to Bogus results being reported with a generic
"unable to resolve service". This had no practical effects as such
results are simply empty and the process would stop there.
Tested by attempting to establish s2s with dnssec-bogus.sg and observing
the error reply.
Kim Alvefur <zash@zash.se> [Wed, 21 Dec 2022 21:34:07 +0100] rev 12816
Revert unintentionally committed parts of 12bd40b8e105
Kim Alvefur <zash@zash.se> [Wed, 09 Nov 2022 19:10:16 +0100] rev 12815
mod_s2s: Retrieve stanza size limit from peer for bidi connections
Having mod_s2s know about the bidi namespace is perhaps a bit awkward
but putting this in mod_s2s_bidi would be more awkward as it has nothing
to do with limits. Some indirection event could be added in the future.
Kim Alvefur <zash@zash.se> [Thu, 20 Oct 2022 14:22:36 +0200] rev 12814
mod_s2s: Advertise stream features on bidi connections
Kim Alvefur <zash@zash.se> [Thu, 20 Oct 2022 14:12:56 +0200] rev 12813
mod_s2s_bidi: Add provisions for advertising features to bidi peers
As introduced in XEP-xxxx: Stream Limits Advertisement
Kim Alvefur <zash@zash.se> [Thu, 20 Oct 2022 14:04:56 +0200] rev 12812
mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits Advertisement
Thanks MattJ
Kim Alvefur <zash@zash.se> [Tue, 16 Mar 2021 18:30:54 +0100] rev 12811
mod_s2s: Avoid sending too large stanzas
Just dropping them isn't great but hopefully something more sensible can
be done in the future.
Will need work to ensure that this signal is handled correctly in
sending modules etc.