Kim Alvefur <zash@zash.se> [Thu, 10 Jun 2021 15:30:54 +0200] rev 11601
core.portmanager: Reload direct TLS certificates after config reload
This should re-create all contexts the same way as when the service was
activated, which reloads certificates.
Kim Alvefur <zash@zash.se> [Thu, 10 Jun 2021 15:21:07 +0200] rev 11600
core.portmanager: Factor out base TLS context creation for reuse
Thinking I can use this to reload certificates after config reload
Kim Alvefur <zash@zash.se> [Thu, 10 Jun 2021 13:48:20 -0003] rev 11599
net.server_epoll: Add missing method for changing TLS context
Supported by the other net.server implementations already, but not used
anywhere in Prosody.
Kim Alvefur <zash@zash.se> [Tue, 08 Jun 2021 13:33:40 +0200] rev 11598
mod_http_file_share: Build list of measuring buckets for configured size limit
Creates buckets up to the configured size limit or 1TB, whichever is
smaller, e.g. {1K, 4K, 16K, ... 4M, 16M}
Kim Alvefur <zash@zash.se> [Tue, 08 Jun 2021 00:58:27 +0200] rev 11597
util.openmetrics: Prettify format of histogram buckets
"%g" turns 1GB into 1.07374e+09, which is a bit awkward for the bytes
measurements IMO. Turning up the precision, at "%.17g" turns 0.1 into
0.10000000000000001 while "%0.16" gives 0.1, hiding most of those pesky
floating point artefacts. Lua version 5.2 uses "%.14g" (see
LUA_NUMBER_FMT in luaconf.h.html) so it seems like a sensible choice
here.
Kim Alvefur <zash@zash.se> [Mon, 07 Jun 2021 17:37:14 +0200] rev 11596
net.server_epoll: Fix reporting of socket connect timeout
If the underlying TCP connection times out before the write timeout
kicks in, we end up here with err="timeout", which the following code
treats as a minor issue.
Then, due to epoll apparently returning the EPOLLOUT (writable) event
too, we go on and try to write to the socket (commonly stream headers).
This fails because the socket is closed, which becomes the error
returned up the stack to the rest of Prosody.
This also trips the 'onconnect' signal, which has effects on various
things, such as the net.connect state machine. Probably undesirable
effects.
With this, we instead return "connection timeout", like server_event,
and destroy the connection handle properly. And then nothing else
happens because the connection has been destroyed.
Kim Alvefur <zash@zash.se> [Thu, 27 May 2021 09:22:07 +0200] rev 11595
core.certmanager: Skip service certificate lookup for https client
Quick Fix™ to prevent certmanager from automatically adding
a client certificate for net.http.request, since this normally does not
require such.
Kim Alvefur <zash@zash.se> [Fri, 28 May 2021 17:09:22 +0200] rev 11594
core.portmanager: Fix race condition in initialization of SNI cert map
Under some circumstances when hosts and modules are loaded in a
certain order, entries end up missing from the SNI map. This manifests
in e.g. `curl https://localhost:5281/` giving an error about
"unrecognized name".
The `service` argument is `nil` when invoked from the "host-activated"
event, leading it to iterate over every service. And then it would not
be fetching e.g. `http_host` from the config, which explains why https
would sometimes not work due to the missing name entry.
Because when `service` is included, this limits the iteration to
matching entries, while also returning the same value as the `name` loop
variable. Because `name == service when service != nil` we can use name
instead in the body of the loop.
Kim Alvefur <zash@zash.se> [Fri, 28 May 2021 00:17:44 +0200] rev 11593
scansion: Really silence the certificates dir error
certificate_s_, plural, is the directory setting
Kim Alvefur <zash@zash.se> [Thu, 27 May 2021 15:49:57 +0200] rev 11592
scansion: Silence an error from cert indexer due to missing certs dir