Mon, 16 May 2022 11:39:17 +0200 |
Kim Alvefur |
core.certmanager: Expand debug messages about cert lookups in index
0.12
Sat, 02 Apr 2022 11:15:33 +0200 |
Jonas Schäfer |
net: refactor sslconfig to not depend on LuaSec
Wed, 27 Apr 2022 17:44:14 +0200 |
Jonas Schäfer |
net: isolate LuaSec-specifics
Fri, 04 Mar 2022 16:33:41 +0000 |
Matthew Wild |
Merge config-updates+check-turn from timber
Thu, 10 Feb 2022 17:15:55 +0100 |
Kim Alvefur |
core.certmanager: Turn soft dependency on LuaSec into a hard
Mon, 21 Feb 2022 08:54:39 +0100 |
Kim Alvefur |
core.certmanager: Ensure key exists for fullchain
Mon, 14 Feb 2022 18:29:31 +0100 |
Kim Alvefur |
core.certmanager: Relax certificate filename check #1713
Tue, 18 Jan 2022 11:52:35 +0100 |
Kim Alvefur |
core.certmanager: Use 'tls_profile' instead of 'tls_preset' to match documentation
Tue, 18 Jan 2022 08:04:16 +0100 |
Kim Alvefur |
core.certmanager: Apply TLS preset before global settings (thanks Menel)
Thu, 16 Sep 2021 09:52:51 +0200 |
Kim Alvefur |
core.certmanager: Disable DANE name checks (not needed for XMPP)
Sun, 26 Dec 2021 00:05:16 +0100 |
Kim Alvefur |
core.certmanager: Add curveslist to 'old' Mozilla TLS preset
Wed, 22 Dec 2021 15:13:49 +0100 |
Kim Alvefur |
core.certmanager: Check index for wildcard certs
Tue, 21 Dec 2021 21:20:21 +0100 |
Jonas Schäfer |
prosodyctl cert: use the indexing functions for better UX
Wed, 22 Dec 2021 14:24:26 +0100 |
Kim Alvefur |
core.certmanager: Rename preset option to 'tls_preset'
Wed, 22 Dec 2021 14:12:10 +0100 |
Kim Alvefur |
core.certmanager: Add "legacy" preset for keeping previous default settings
Wed, 03 Nov 2021 12:23:29 +0100 |
Kim Alvefur |
core.certmanager: Add TLS 1.3 cipher suites to Mozilla TLS presets
Sun, 22 Dec 2019 02:25:37 +0100 |
Kim Alvefur |
core.certmanager: Presets based on Mozilla SSL Configuration Generator
Sun, 18 Jul 2021 22:46:57 +0200 |
Kim Alvefur |
core.certmanager: Support 'use_dane' setting to enable DANE support
Thu, 27 May 2021 09:22:07 +0200 |
Kim Alvefur |
core.certmanager: Skip service certificate lookup for https client
Thu, 13 May 2021 11:17:13 +0100 |
Matthew Wild |
Merge 0.11->trunk
Tue, 11 May 2021 14:14:15 +0100 |
Matthew Wild |
certmanager: Disable renegotiation by default
0.11
Mon, 26 Apr 2021 15:32:05 +0200 |
Kim Alvefur |
core.certmanager: Test for SSL options in absence of LuaSec config
0.11
Mon, 26 Apr 2021 15:30:13 +0200 |
Kim Alvefur |
core.certmanager: Attempt to directly access LuaSec config table
0.11
Fri, 07 May 2021 16:47:58 +0200 |
Kim Alvefur |
core.certmanager: Catch error from lfs
Fri, 07 May 2021 16:35:37 +0200 |
Kim Alvefur |
core.certmanager: Resolve certs path relative to config dir
Wed, 05 May 2021 15:56:39 +0200 |
Kim Alvefur |
core.certmanager: Skip directly to guessing of key from cert filename
Wed, 05 May 2021 15:54:05 +0200 |
Kim Alvefur |
core.certmanager: Join paths with OS-aware util.paths function
Sat, 10 Apr 2021 14:45:40 +0200 |
Kim Alvefur |
core.certmanager: Build an index over certificates
Sat, 10 Apr 2021 14:45:03 +0200 |
Kim Alvefur |
core.certmanager: Check for complete filename
Sat, 06 Feb 2021 22:12:38 +0100 |
Kim Alvefur |
core.certmanager: Add comments explaining the 'verifyext' TLS settings
Sun, 07 Jun 2020 02:12:50 +0200 |
Kim Alvefur |
core.certmanager: Add TODO about LuaSec issue
Mon, 13 Apr 2020 16:14:39 +0200 |
Kim Alvefur |
Merge 0.11->trunk
Sun, 25 Aug 2019 20:22:35 +0200 |
Kim Alvefur |
core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513)
0.11
Fri, 10 Apr 2020 19:03:36 +0200 |
Kim Alvefur |
Merge 0.11->trunk
Fri, 10 Apr 2020 16:11:09 +0200 |
Kim Alvefur |
core.certmanager: Look for privkey.pem to go with fullchain.pem (fix #1526)
0.11
Fri, 29 Nov 2019 23:24:14 +0100 |
Kim Alvefur |
core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support)
Sat, 07 Sep 2019 00:00:40 +0200 |
Kim Alvefur |
core.certmanager: Lower severity for tls config not having cert
Sun, 25 Aug 2019 23:25:42 +0200 |
Kim Alvefur |
core.certmanager: Remove unused import [luacheck]
Sun, 25 Aug 2019 23:12:55 +0200 |
Kim Alvefur |
Remove COMPAT with temporary luasec fork
Sun, 25 Aug 2019 20:22:35 +0200 |
Kim Alvefur |
core.certmanager: Move EECDH ciphers before EDH in default cipherstring
Sun, 10 Mar 2019 19:58:28 +0100 |
Kim Alvefur |
core.certmanager: Do not ask for client certificates by default
Fri, 25 May 2018 03:33:13 +0200 |
Kim Alvefur |
Merge 0.10->trunk
Fri, 25 May 2018 03:30:16 +0200 |
Kim Alvefur |
core.certmanager: Allow all non-whitespace in service name (fixes #1019)
Wed, 28 Feb 2018 20:06:26 +0100 |
Kim Alvefur |
various: Add annotation when an empty environment is set [luacheck]
Thu, 28 Dec 2017 17:32:56 +0100 |
Kim Alvefur |
certmanager: Check for missing certificate before key in configuration (should be marginally less confusing)
Mon, 20 Nov 2017 00:27:26 +0100 |
Kim Alvefur |
certmanager: Set single curve conditioned on LuaSec advertising EC crypto support
Mon, 20 Nov 2017 00:26:41 +0100 |
Kim Alvefur |
certmanager: Filter out curves not supported by LuaSec
Mon, 20 Nov 2017 00:25:18 +0100 |
Kim Alvefur |
certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7
Wed, 27 Sep 2017 15:45:07 +0200 |
Kim Alvefur |
core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1
Wed, 27 Sep 2017 15:21:20 +0200 |
Kim Alvefur |
prosodyctl: cert import: Reuse function from certmanager for locating certificates and keys
Sat, 23 Sep 2017 17:13:29 +0100 |
Matthew Wild |
certmanager: Add debug logging (thanks av6)
Thu, 01 Jun 2017 14:03:50 +0200 |
Kim Alvefur |
certmanager: Update the 'certificates' option after the config has been reloaded (fixes #929)
Sat, 26 Nov 2016 20:08:48 +0100 |
Kim Alvefur |
core.certmanager: Translate "no start line" to something friendlier (thanks santiago)
Mon, 12 Sep 2016 15:49:24 +0200 |
Kim Alvefur |
core.certmanager: Split cipher list into array with comments explaining each part
Fri, 29 Jul 2016 11:24:28 +0200 |
Kim Alvefur |
certmanager: Assume default config path of '.' (fixes prosodyctl check certs when not installed)
Sat, 26 Mar 2016 19:55:08 +0000 |
Matthew Wild |
certmanager: Explicitly tonumber() version number segments before doing arithmetic and avoid relying on implicit coercion (thanks David Favro)
Thu, 18 Feb 2016 13:48:45 +0000 |
Matthew Wild |
certmanager: Localize tonumber
Fri, 05 Feb 2016 16:12:01 +0100 |
Kim Alvefur |
certmanager: Try filename.key if certificate is set to a full filename ending with .crt
Fri, 05 Feb 2016 15:03:39 +0100 |
Kim Alvefur |
certmanager: Apply global ssl config later so certificate/key is not overwritten by magic
Fri, 05 Feb 2016 00:03:41 +0000 |
Matthew Wild |
certmanager: Support new certificate configuration for non-XMPP services too (fixes #614)
Wed, 03 Feb 2016 22:44:29 +0100 |
Kim Alvefur |
core.certmanager: Look for certificate and key in a few different places
Sun, 11 Oct 2015 19:44:15 +0200 |
Kim Alvefur |
core.certmanager: Remove non-string filenames (allows setting eg capath to false to disable the built in default)
Sat, 21 Feb 2015 10:42:19 +0100 |
Kim Alvefur |
core.*: Remove use of module() function
Thu, 05 Feb 2015 17:23:53 +0100 |
Kim Alvefur |
certmanager: Fix compat for MattJ's old LuaSec fork
Thu, 05 Feb 2015 17:21:05 +0100 |
Kim Alvefur |
certmanager: Fix previous commit
Thu, 05 Feb 2015 16:59:34 +0100 |
Kim Alvefur |
certmanager: Limit certificate chain depth to 9
Thu, 05 Feb 2015 16:56:28 +0100 |
Kim Alvefur |
certmanager: Options that appear to be available since LuaSec 0.2
Thu, 05 Feb 2015 16:20:50 +0100 |
Kim Alvefur |
certmanager: Improve "detection" of features that depend on LuaSec version
Thu, 05 Feb 2015 15:14:35 +0100 |
Kim Alvefur |
certmanager: Add locals for ssl.context and ssl.x509
Thu, 05 Feb 2015 15:10:23 +0100 |
Kim Alvefur |
certmanager: Early return from the entire module if LuaSec is unavailable
Tue, 20 Jan 2015 11:29:38 +0000 |
Matthew Wild |
certmanager: Make global variable access explicit
Sat, 22 Nov 2014 11:51:54 +0100 |
Kim Alvefur |
certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren)
Wed, 19 Nov 2014 14:47:03 +0100 |
Kim Alvefur |
certmanager: Return final ssl config along with ssl context on success
Sun, 26 Oct 2014 20:57:06 +0100 |
Kim Alvefur |
Merge 0.9->0.10
Tue, 14 Oct 2014 18:55:08 +0100 |
Matthew Wild |
certmanager, net.http: Disable SSLv3 by default
0.9.6
Thu, 03 Jul 2014 15:32:26 +0200 |
Kim Alvefur |
core.certmanager: Make create_context() support an arbitrary number of option sets, merging all
Thu, 03 Jul 2014 15:31:12 +0200 |
Kim Alvefur |
core.certmanager: Use util.sslconfig
Fri, 09 May 2014 19:35:29 +0200 |
Kim Alvefur |
core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths
Mon, 21 Apr 2014 02:43:09 +0200 |
Kim Alvefur |
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)
Sun, 20 Apr 2014 21:25:26 +0200 |
Kim Alvefur |
certmanager: Fix traceback if no global 'ssl' section set (thanks albert)
Tue, 15 Apr 2014 01:02:56 +0200 |
Kim Alvefur |
certmanager: Update ssl_compression when config is reloaded
Tue, 15 Apr 2014 00:49:17 +0200 |
Kim Alvefur |
certmanager: Reformat core ssl defaults
Tue, 15 Apr 2014 00:45:07 +0200 |
Kim Alvefur |
certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols
Tue, 15 Apr 2014 00:32:11 +0200 |
Kim Alvefur |
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost
Mon, 14 Apr 2014 23:41:26 +0200 |
Kim Alvefur |
certmanager: Wrap long line and add comment
Mon, 14 Apr 2014 23:34:35 +0200 |
Kim Alvefur |
certmanager: Concatenate cipher list if given as a table
Mon, 14 Apr 2014 23:09:28 +0200 |
Kim Alvefur |
certmanager: Allow non-server contexts to be without certificate and key
Mon, 14 Apr 2014 23:00:44 +0200 |
Kim Alvefur |
certmanager: Check for non-nil values instead of true-ish values, allows removing defaults
Thu, 21 Nov 2013 02:14:23 +0000 |
Matthew Wild |
Merge 0.9->0.10
Thu, 21 Nov 2013 02:11:09 +0000 |
Matthew Wild |
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys.
Tue, 12 Nov 2013 02:23:02 +0000 |
Matthew Wild |
Merge 0.9->0.10
Tue, 12 Nov 2013 02:13:01 +0000 |
Matthew Wild |
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
Sun, 10 Nov 2013 18:49:34 +0000 |
Matthew Wild |
Merge 0.9->0.10
Sun, 10 Nov 2013 18:46:48 +0000 |
Matthew Wild |
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES)
Sat, 09 Nov 2013 18:36:32 +0000 |
Matthew Wild |
Merge 0.9->0.10
Sat, 09 Nov 2013 17:54:21 +0000 |
Matthew Wild |
certmanager: Fix order of options, so that the dynamic option is at the end of the array
Sat, 09 Nov 2013 17:50:19 +0000 |
Matthew Wild |
certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones
Thu, 31 Oct 2013 20:47:57 +0100 |
Kim Alvefur |
Merge 0.9 -> 0.10
Thu, 31 Oct 2013 19:00:36 +0100 |
Kim Alvefur |
certmanager: Disable SSLv3 by default
Tue, 15 Oct 2013 10:47:34 +0200 |
Kim Alvefur |
certmanager: Fix. Again.
Tue, 15 Oct 2013 01:37:16 +0200 |
Kim Alvefur |
certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks)
Tue, 03 Sep 2013 15:43:59 +0200 |
Kim Alvefur |
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
Tue, 03 Sep 2013 13:43:39 +0200 |
Kim Alvefur |
Merge 0.9->trunk
Tue, 03 Sep 2013 13:40:29 +0200 |
Kim Alvefur |
certmanager: Fix dhparam callback, missing imports (Testing, pfft)
0.9.1
Tue, 03 Sep 2013 12:32:18 +0100 |
Matthew Wild |
Merge 0.9->trunk
Tue, 03 Sep 2013 13:13:31 +0200 |
Kim Alvefur |
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
Tue, 03 Sep 2013 12:11:11 +0100 |
Matthew Wild |
certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users.
Fri, 09 Aug 2013 17:48:21 +0200 |
Florian Zeitz |
Remove all trailing whitespace
Sat, 13 Jul 2013 13:17:53 +0100 |
Matthew Wild |
Merge 0.9->trunk
Sat, 13 Jul 2013 13:15:24 +0100 |
Matthew Wild |
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
Thu, 13 Jun 2013 17:44:42 +0200 |
Kim Alvefur |
certmanager: Overhaul of how ssl configs are built.
Thu, 13 Jun 2013 00:46:29 +0100 |
Matthew Wild |
Merge 0.9->trunk
Thu, 13 Jun 2013 00:45:41 +0100 |
Matthew Wild |
certmanager: Add single_dh_use and single_ecdh_use to default options
Thu, 13 Jun 2013 00:09:56 +0100 |
Matthew Wild |
Merge 0.9->trunk
Thu, 13 Jun 2013 00:04:04 +0100 |
Matthew Wild |
certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers
Tue, 11 Jun 2013 21:50:41 +0100 |
Matthew Wild |
Merge 0.9->trunk
Tue, 11 Jun 2013 21:44:53 +0100 |
Matthew Wild |
certmanager: Use 'curve' and 'dhparam' options from ssl config if present
Fri, 07 Jun 2013 20:55:02 +0200 |
Kim Alvefur |
certmanager: Complain if key or certificate is missing from SSL config.
Wed, 22 May 2013 14:32:02 +0100 |
Matthew Wild |
certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x)
Sat, 23 Mar 2013 02:33:15 +0100 |
Kim Alvefur |
core.*: Complete removal of all traces of the "core" section and section-related code.