Matthew Wild <mwild1@gmail.com> [Fri, 07 May 2021 17:03:49 +0100] rev 11544
mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB.
These values are aligned with ejabberd's default settings, which should reduce
issues related to inconsistent size limits between servers on the XMPP network.
The previous default (10MB) is excessive for any production server, and allows
significant memory usage by even unauthenticated sessions.
Matthew Wild <mwild1@gmail.com> [Fri, 07 May 2021 16:41:39 +0100] rev 11543
util.startup: Set more aggressive defaults for GC
Testing has demonstrated that the default GC parameters are not
sufficient to prevent runaway memory growth when running under Lua 5.2
and Lua 5.3.
Setting the GC speed to 500 was tested on Lua versions 5.1->5.4 and did
not display unbounded memory growth.
Kim Alvefur <zash@zash.se> [Fri, 07 May 2021 16:47:58 +0200] rev 11542
core.certmanager: Catch error from lfs
lfs.dir() throws a hard error if there's a problem, e.g. no such
directory or permission issues. This also gets called early enough that
the main loop error protection hasn't been brought up yet, causing a
proper crash.
Kim Alvefur <zash@zash.se> [Fri, 07 May 2021 16:35:37 +0200] rev 11541
core.certmanager: Resolve certs path relative to config dir
Otherwise the default "certs" would be relative to $PWD, which works
when testing from a source checkout, but not on installed systems where
it usually points to the data directory.
Also, the LuaFileSystem dir() iterator throws a hard error, which may
cause a crash or other problems.
Kim Alvefur <zash@zash.se> [Wed, 05 May 2021 17:54:44 +0200] rev 11540
core.portmanager: Use existing http_host for https SNI mapping
Kim Alvefur <zash@zash.se> [Wed, 05 May 2021 17:52:51 +0200] rev 11539
core.portmanager: Allow overriding expected SNI name per service
E.g.
VirtualHost"example.com"
https_name = "xmpp.example.com"
Kim Alvefur <zash@zash.se> [Wed, 05 May 2021 15:56:39 +0200] rev 11538
core.certmanager: Skip directly to guessing of key from cert filename
Cuts down on a ton of debug logs
Kim Alvefur <zash@zash.se> [Wed, 05 May 2021 15:54:05 +0200] rev 11537
core.certmanager: Join paths with OS-aware util.paths function
Right thing to do, rather than hardcoding '/'
Kim Alvefur <zash@zash.se> [Sat, 10 Apr 2021 14:45:40 +0200] rev 11536
core.certmanager: Build an index over certificates
Kim Alvefur <zash@zash.se> [Sat, 10 Apr 2021 14:45:03 +0200] rev 11535
core.certmanager: Check for complete filename
Prevents a false positive match on files with fullchain.pem as suffix