core/certmanager.lua
Sat, 04 Nov 2023 15:59:51 +0100 Kim Alvefur core.certmanager: Handle dane context setting same way on reload as on initialization
Sun, 29 Oct 2023 21:31:07 +0100 Kim Alvefur core.certmanager: Tweak log level of message about SNI being required
Fri, 27 Oct 2023 22:38:00 +0200 Kim Alvefur Merge 0.12->trunk
Fri, 27 Oct 2023 19:03:59 +0200 Kim Alvefur core.certmanager: Validate that 'tls_profile' is one of the valid values 0.12
Mon, 10 Jul 2023 00:34:37 +0200 Kim Alvefur Merge 0.12->trunk
Sun, 09 Jul 2023 21:18:47 +0200 Kim Alvefur core.certmanager: Update Mozilla TLS config to version 5.7 0.12
Sat, 27 May 2023 15:40:49 +0200 Kim Alvefur net.tls_luasec: Expose method for loading a certificate
Sat, 27 May 2023 15:39:26 +0200 Kim Alvefur net.certmanager: Move LuaSec feature detection to net.tls_luasec
Fri, 17 Mar 2023 16:23:07 +0100 Kim Alvefur core: Prefix module imports with prosody namespace
Mon, 16 May 2022 11:42:31 +0200 Kim Alvefur Merge 0.12->trunk
Mon, 16 May 2022 11:39:17 +0200 Kim Alvefur core.certmanager: Expand debug messages about cert lookups in index 0.12
Sat, 02 Apr 2022 11:15:33 +0200 Jonas Schäfer net: refactor sslconfig to not depend on LuaSec
Wed, 27 Apr 2022 17:44:14 +0200 Jonas Schäfer net: isolate LuaSec-specifics
Fri, 04 Mar 2022 16:33:41 +0000 Matthew Wild Merge config-updates+check-turn from timber
Thu, 10 Feb 2022 17:15:55 +0100 Kim Alvefur core.certmanager: Turn soft dependency on LuaSec into a hard
Mon, 21 Feb 2022 08:54:39 +0100 Kim Alvefur core.certmanager: Ensure key exists for fullchain
Mon, 14 Feb 2022 18:29:31 +0100 Kim Alvefur core.certmanager: Relax certificate filename check #1713
Tue, 18 Jan 2022 11:52:35 +0100 Kim Alvefur core.certmanager: Use 'tls_profile' instead of 'tls_preset' to match documentation
Tue, 18 Jan 2022 08:04:16 +0100 Kim Alvefur core.certmanager: Apply TLS preset before global settings (thanks Menel)
Thu, 16 Sep 2021 09:52:51 +0200 Kim Alvefur core.certmanager: Disable DANE name checks (not needed for XMPP)
Sun, 26 Dec 2021 00:05:16 +0100 Kim Alvefur core.certmanager: Add curveslist to 'old' Mozilla TLS preset
Wed, 22 Dec 2021 15:13:49 +0100 Kim Alvefur core.certmanager: Check index for wildcard certs
Tue, 21 Dec 2021 21:20:21 +0100 Jonas Schäfer prosodyctl cert: use the indexing functions for better UX
Wed, 22 Dec 2021 14:24:26 +0100 Kim Alvefur core.certmanager: Rename preset option to 'tls_preset'
Wed, 22 Dec 2021 14:12:10 +0100 Kim Alvefur core.certmanager: Add "legacy" preset for keeping previous default settings
Wed, 03 Nov 2021 12:23:29 +0100 Kim Alvefur core.certmanager: Add TLS 1.3 cipher suites to Mozilla TLS presets
Sun, 22 Dec 2019 02:25:37 +0100 Kim Alvefur core.certmanager: Presets based on Mozilla SSL Configuration Generator
Sun, 18 Jul 2021 22:46:57 +0200 Kim Alvefur core.certmanager: Support 'use_dane' setting to enable DANE support
Thu, 27 May 2021 09:22:07 +0200 Kim Alvefur core.certmanager: Skip service certificate lookup for https client
Thu, 13 May 2021 11:17:13 +0100 Matthew Wild Merge 0.11->trunk
Tue, 11 May 2021 14:14:15 +0100 Matthew Wild certmanager: Disable renegotiation by default 0.11
Mon, 26 Apr 2021 15:32:05 +0200 Kim Alvefur core.certmanager: Test for SSL options in absence of LuaSec config 0.11
Mon, 26 Apr 2021 15:30:13 +0200 Kim Alvefur core.certmanager: Attempt to directly access LuaSec config table 0.11
Fri, 07 May 2021 16:47:58 +0200 Kim Alvefur core.certmanager: Catch error from lfs
Fri, 07 May 2021 16:35:37 +0200 Kim Alvefur core.certmanager: Resolve certs path relative to config dir
Wed, 05 May 2021 15:56:39 +0200 Kim Alvefur core.certmanager: Skip directly to guessing of key from cert filename
Wed, 05 May 2021 15:54:05 +0200 Kim Alvefur core.certmanager: Join paths with OS-aware util.paths function
Sat, 10 Apr 2021 14:45:40 +0200 Kim Alvefur core.certmanager: Build an index over certificates
Sat, 10 Apr 2021 14:45:03 +0200 Kim Alvefur core.certmanager: Check for complete filename
Sat, 06 Feb 2021 22:12:38 +0100 Kim Alvefur core.certmanager: Add comments explaining the 'verifyext' TLS settings
Sun, 07 Jun 2020 02:12:50 +0200 Kim Alvefur core.certmanager: Add TODO about LuaSec issue
Mon, 13 Apr 2020 16:14:39 +0200 Kim Alvefur Merge 0.11->trunk
Sun, 25 Aug 2019 20:22:35 +0200 Kim Alvefur core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513) 0.11
Fri, 10 Apr 2020 19:03:36 +0200 Kim Alvefur Merge 0.11->trunk
Fri, 10 Apr 2020 16:11:09 +0200 Kim Alvefur core.certmanager: Look for privkey.pem to go with fullchain.pem (fix #1526) 0.11
Fri, 29 Nov 2019 23:24:14 +0100 Kim Alvefur core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support)
Sat, 07 Sep 2019 00:00:40 +0200 Kim Alvefur core.certmanager: Lower severity for tls config not having cert
Sun, 25 Aug 2019 23:25:42 +0200 Kim Alvefur core.certmanager: Remove unused import [luacheck]
Sun, 25 Aug 2019 23:12:55 +0200 Kim Alvefur Remove COMPAT with temporary luasec fork
Sun, 25 Aug 2019 20:22:35 +0200 Kim Alvefur core.certmanager: Move EECDH ciphers before EDH in default cipherstring
Sun, 10 Mar 2019 19:58:28 +0100 Kim Alvefur core.certmanager: Do not ask for client certificates by default
Fri, 25 May 2018 03:33:13 +0200 Kim Alvefur Merge 0.10->trunk
Fri, 25 May 2018 03:30:16 +0200 Kim Alvefur core.certmanager: Allow all non-whitespace in service name (fixes #1019)
Wed, 28 Feb 2018 20:06:26 +0100 Kim Alvefur various: Add annotation when an empty environment is set [luacheck]
Thu, 28 Dec 2017 17:32:56 +0100 Kim Alvefur certmanager: Check for missing certificate before key in configuration (should be marginally less confusing)
Mon, 20 Nov 2017 00:27:26 +0100 Kim Alvefur certmanager: Set single curve conditioned on LuaSec advertising EC crypto support
Mon, 20 Nov 2017 00:26:41 +0100 Kim Alvefur certmanager: Filter out curves not supported by LuaSec
Mon, 20 Nov 2017 00:25:18 +0100 Kim Alvefur certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7
Wed, 27 Sep 2017 15:45:07 +0200 Kim Alvefur core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1
Wed, 27 Sep 2017 15:21:20 +0200 Kim Alvefur prosodyctl: cert import: Reuse function from certmanager for locating certificates and keys
Sat, 23 Sep 2017 17:13:29 +0100 Matthew Wild certmanager: Add debug logging (thanks av6)
Thu, 01 Jun 2017 14:03:50 +0200 Kim Alvefur certmanager: Update the 'certificates' option after the config has been reloaded (fixes #929)
Sat, 26 Nov 2016 20:08:48 +0100 Kim Alvefur core.certmanager: Translate "no start line" to something friendlier (thanks santiago)
Mon, 12 Sep 2016 15:49:24 +0200 Kim Alvefur core.certmanager: Split cipher list into array with comments explaining each part
Fri, 29 Jul 2016 11:24:28 +0200 Kim Alvefur certmanager: Assume default config path of '.' (fixes prosodyctl check certs when not installed)
Sat, 26 Mar 2016 19:55:08 +0000 Matthew Wild certmanager: Explicitly tonumber() version number segments before doing arithmetic and avoid relying on implicit coercion (thanks David Favro)
Thu, 18 Feb 2016 13:48:45 +0000 Matthew Wild certmanager: Localize tonumber
Fri, 05 Feb 2016 16:12:01 +0100 Kim Alvefur certmanager: Try filename.key if certificate is set to a full filename ending with .crt
Fri, 05 Feb 2016 15:03:39 +0100 Kim Alvefur certmanager: Apply global ssl config later so certificate/key is not overwritten by magic
Fri, 05 Feb 2016 00:03:41 +0000 Matthew Wild certmanager: Support new certificate configuration for non-XMPP services too (fixes #614)
Wed, 03 Feb 2016 22:44:29 +0100 Kim Alvefur core.certmanager: Look for certificate and key in a few different places
Sun, 11 Oct 2015 19:44:15 +0200 Kim Alvefur core.certmanager: Remove non-string filenames (allows setting eg capath to false to disable the built in default)
Sat, 21 Feb 2015 10:42:19 +0100 Kim Alvefur core.*: Remove use of module() function
Thu, 05 Feb 2015 17:23:53 +0100 Kim Alvefur certmanager: Fix compat for MattJs old LuaSec fork
Thu, 05 Feb 2015 17:21:05 +0100 Kim Alvefur certmanager: Fix previous commit
Thu, 05 Feb 2015 16:59:34 +0100 Kim Alvefur certmanager: Limit certificate chain depth to 9
Thu, 05 Feb 2015 16:56:28 +0100 Kim Alvefur certmanager: Options that appear to be available since LuaSec 0.2
Thu, 05 Feb 2015 16:20:50 +0100 Kim Alvefur certmanager: Improve "detection" of features that depend on LuaSec version
Thu, 05 Feb 2015 15:14:35 +0100 Kim Alvefur certmanager: Add locals for ssl.context and ssl.x509
Thu, 05 Feb 2015 15:10:23 +0100 Kim Alvefur certmanager: Early return from the entire module if LuaSec is unavailable
Tue, 20 Jan 2015 11:29:38 +0000 Matthew Wild certmanager: Make global variable access explicit
Sat, 22 Nov 2014 11:51:54 +0100 Kim Alvefur certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren)
Wed, 19 Nov 2014 14:47:03 +0100 Kim Alvefur certmanager: Return final ssl config along with ssl context on success
Sun, 26 Oct 2014 20:57:06 +0100 Kim Alvefur Merge 0.9->0.10
Tue, 14 Oct 2014 18:55:08 +0100 Matthew Wild certmanager, net.http: Disable SSLv3 by default 0.9.6
Thu, 03 Jul 2014 15:32:26 +0200 Kim Alvefur core.certmanager: Make create_context() support an arbitrary number of option sets, merging all
Thu, 03 Jul 2014 15:31:12 +0200 Kim Alvefur core.certmanager: Use util.sslconfig
Fri, 09 May 2014 19:35:29 +0200 Kim Alvefur core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths
Mon, 21 Apr 2014 02:43:09 +0200 Kim Alvefur certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)
Sun, 20 Apr 2014 21:25:26 +0200 Kim Alvefur certmanager: Fix traceback if no global 'ssl' section set (thanks albert)
Tue, 15 Apr 2014 01:02:56 +0200 Kim Alvefur certmanager: Update ssl_compression when config is reloaded
Tue, 15 Apr 2014 00:49:17 +0200 Kim Alvefur certmanager: Reformat core ssl defaults
Tue, 15 Apr 2014 00:45:07 +0200 Kim Alvefur certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols
Tue, 15 Apr 2014 00:32:11 +0200 Kim Alvefur certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost
Mon, 14 Apr 2014 23:41:26 +0200 Kim Alvefur certmanager: Wrap long line and add comment
Mon, 14 Apr 2014 23:34:35 +0200 Kim Alvefur certmanager: Concatenate cipher list if given as a table
Mon, 14 Apr 2014 23:09:28 +0200 Kim Alvefur certmanager: Allow non-server contexts to be without certificate and key
Mon, 14 Apr 2014 23:00:44 +0200 Kim Alvefur certmanager: Check for non-nil values instead of true-ish values, allows removing defaults
Thu, 21 Nov 2013 02:14:23 +0000 Matthew Wild Merge 0.9->0.10
Thu, 21 Nov 2013 02:11:09 +0000 Matthew Wild certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys.
Tue, 12 Nov 2013 02:23:02 +0000 Matthew Wild Merge 0.9->0.10
Tue, 12 Nov 2013 02:13:01 +0000 Matthew Wild Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
Sun, 10 Nov 2013 18:49:34 +0000 Matthew Wild Merge 0.9->0.10
Sun, 10 Nov 2013 18:46:48 +0000 Matthew Wild certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES)
Sat, 09 Nov 2013 18:36:32 +0000 Matthew Wild Merge 0.9->0.10
Sat, 09 Nov 2013 17:54:21 +0000 Matthew Wild certmanager: Fix order of options, so that the dynamic option is at the end of the array
Sat, 09 Nov 2013 17:50:19 +0000 Matthew Wild certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones
Thu, 31 Oct 2013 20:47:57 +0100 Kim Alvefur Merge 0.9 -> 0.10
Thu, 31 Oct 2013 19:00:36 +0100 Kim Alvefur certmanager: Disable SSLv3 by default
Tue, 15 Oct 2013 10:47:34 +0200 Kim Alvefur certmanager: Fix. Again.
Tue, 15 Oct 2013 01:37:16 +0200 Kim Alvefur certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks)
Tue, 03 Sep 2013 15:43:59 +0200 Kim Alvefur certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
Tue, 03 Sep 2013 13:43:39 +0200 Kim Alvefur Merge 0.9->trunk
Tue, 03 Sep 2013 13:40:29 +0200 Kim Alvefur certmanager: Fix dhparam callback, missing imports (Testing, pfft) 0.9.1
Tue, 03 Sep 2013 12:32:18 +0100 Matthew Wild Merge 0.9->trunk
Tue, 03 Sep 2013 13:13:31 +0200 Kim Alvefur certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
Tue, 03 Sep 2013 12:11:11 +0100 Matthew Wild certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users.
Fri, 09 Aug 2013 17:48:21 +0200 Florian Zeitz Remove all trailing whitespace
Sat, 13 Jul 2013 13:17:53 +0100 Matthew Wild Merge 0.9->trunk
Sat, 13 Jul 2013 13:15:24 +0100 Matthew Wild certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.