prosody-modules
13070c6a7ce8
mod_tls_policy/mod_tls_policy.lua
Software / code / prosody-modules
File
mod_tls_policy/mod_tls_policy.lua @ 4930:13070c6a7ce8
mod_http_muc_log: Fix exception on lack of trailing slash in room path
A request to /room leads to the match call returning nil which in turn
calls nodeprep(nil). In Prosody 0.11.x this does nothing and simply
returns the nil, while in 0.12 it is an error.
Now it redirects to the calendar view at /room/ - even for non-existant
rooms.
Discovered at a deployment with http_paths = { muc_log = "/" } and
requests to /robots.txt and similar, which now result in a uses redirect
before returning 404.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 22 Apr 2022 14:29:32 +0200 |
| parent | 4674:1b701f208b1b |
line wrap: on
line source
assert(require"ssl.core".info, "Incompatible LuaSec version"); local function hook(event_name, typ, policy) if not policy then return end if policy == "FS" then policy = { cipher = "^E?C?DHE%-" }; elseif type(policy) == "string" then policy = { cipher = policy }; end module:hook(event_name, function (event) local origin = event.origin; if origin.conn and origin.conn:ssl() then local info = origin.conn:socket():info(); for key, what in pairs(policy) do module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what)); if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not info[key]:match(what)) then origin:close({ condition = "policy-violation", text = ("TLS %s '%s' not acceptable"):format(key, tostring(info[key])) }); return false; end module:log("debug", "Seems so"); end module:log("debug", "Policy matches"); end end, 1000); end local policy = module:get_option(module.name, {}); if type(policy) == "string" then policy = { c2s = policy, s2s = policy }; end hook("stream-features", "c2s", policy.c2s); hook("s2s-stream-features", "s2sin", policy.s2sin or policy.s2s); hook("stanza/http://etherx.jabber.org/streams:features", "s2sout", policy.s2sout or policy.s2s);
