Log

mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 4876:0f5f2d4475b9

description author age
mod_s2s_auth_dane: Fix traceback in DANE-TA check because unpack() moved Kim Alvefur Wed, 03 Mar 2021 11:51:39 +0100
mod_s2s_auth_dane: Disable now redundant validation done in trunk Kim Alvefur Wed, 03 Mar 2021 11:43:38 +0100
mod_s2s_auth_dane: Fix typo in comment [codespell] Kim Alvefur Sun, 04 Feb 2018 15:55:07 +0100
mod_s2s_auth_dane: Use util.async if available (current prosody trunk) Kim Alvefur Wed, 01 Jun 2016 22:33:51 +0200
mod_s2s_auth_dane: Move pausing code to a function Kim Alvefur Sat, 28 May 2016 16:55:43 +0200
Backed out changeset f00cbfb812cd, it only half-worked and broke things Kim Alvefur Sat, 28 May 2016 13:34:43 +0200
mod_s2s_auth_dane: Remove unused local Kim Alvefur Thu, 26 May 2016 15:36:19 +0200
mod_s2s_auth_dane: Attempt a new approach to async lookups that doesn't depend on connection pausing Kim Alvefur Thu, 26 May 2016 15:35:52 +0200
mod_s2s_auth_dane: Make sure dane field has correct type Kim Alvefur Thu, 26 May 2016 15:31:32 +0200
mod_s2s_auth_dane: Correct message about not being able to support SPKI Kim Alvefur Sun, 31 Jan 2016 12:38:51 +0100
mod_s2s_auth_dane: Check if cert:pubkey() is available Kim Alvefur Sat, 23 Jan 2016 20:34:26 +0100
mod_s2s_auth_dane: Warn only if there are enabled uses that can't be supported Kim Alvefur Mon, 11 Jan 2016 15:45:09 +0100
mod_s2s_auth_dane: More DNS related debug logging Kim Alvefur Sat, 12 Dec 2015 17:00:25 +0100
mod_s2s_auth_dane: Abort on bogus reply to SRV lookup Kim Alvefur Sat, 12 Dec 2015 16:59:49 +0100
mod_s2s_auth_dane: Log as much as possible through session logger instance Kim Alvefur Sat, 12 Dec 2015 16:01:58 +0100
mod_s2s_auth_dane: Add a telnet console command that exposes DANE information Kim Alvefur Thu, 10 Dec 2015 23:24:55 +0100
mod_s2s_auth_dane: Keep DANE response around after the connection is established to aid in debugging Kim Alvefur Thu, 10 Dec 2015 23:24:11 +0100
mod_s2s_auth_dane: Some more verbose debug logging Kim Alvefur Thu, 10 Dec 2015 23:23:07 +0100
mod_s2s_auth_dane: Consider TLSA records with PKIX uses as supported (if enabled) even if the chain is invalid (if no match is found the session is considered insecure) Kim Alvefur Mon, 16 Nov 2015 18:03:41 +0100
mod_s2s_auth_dane: Consider the current certificate chain status before checking PKIX-{EE,CA} TLSA records Kim Alvefur Thu, 05 Nov 2015 15:38:31 +0100
mod_s2s_auth_dane: Support servers without SRV records by falling back to port 5269 and the bare hostname for TLSA lookups Kim Alvefur Thu, 05 Nov 2015 14:10:11 +0100
mod_s2s_auth_dane: Ignore mutating of the 'module' global, that is ok in prosody plugins [luacheck] Kim Alvefur Thu, 21 May 2015 11:14:16 +0200
mod_s2s_auth_dane: Validate names of DANE-TA certs Kim Alvefur Thu, 21 May 2015 10:28:02 +0200
mod_s2s_auth_dane: Simplify cases where there is only one SRV record Kim Alvefur Wed, 06 May 2015 00:53:27 +0200
mod_s2s_auth_dane: Don't count number of RRs in DNS reply if the DNS lib already did Kim Alvefur Wed, 06 May 2015 00:51:46 +0200
mod_s2s_auth_dane: Abort earlier for sessions from hosts that don't say who they are Kim Alvefur Mon, 13 Apr 2015 13:36:38 +0200
mod_s2s_auth_dane: Demote log message about failure to ASCII-ify hostname from error to warning Kim Alvefur Mon, 13 Apr 2015 13:35:37 +0200
mod_s2s_auth_dane: Cleanup [luacheck] Kim Alvefur Tue, 07 Apr 2015 17:35:20 +0200
mod_s2s_auth_dane: Update for recent changes in Zash's LuaSec branch Kim Alvefur Tue, 31 Mar 2015 20:57:34 +0200
mod_s2s_auth_dane: Comments and cleanup Kim Alvefur Mon, 16 Mar 2015 16:19:53 +0100
mod_s2s_auth_dane: Include hostname when logging a failure Kim Alvefur Tue, 16 Sep 2014 19:55:54 +0200
mod_s2s_auth_dane: Fix stringprepping when doing "DANE Light" Kim Alvefur Tue, 16 Sep 2014 19:53:41 +0200
mod_s2s_auth_dane: Fix traceback caused by LuaSec not being loaded Kim Alvefur Sun, 14 Sep 2014 18:52:54 +0200
mod_s2s_auth_dane: Tweak log messages Kim Alvefur Sun, 15 Jun 2014 02:40:18 +0200
mod_s2s_auth_dane: Add some more info to log messages Kim Alvefur Fri, 13 Jun 2014 02:19:52 +0200
mod_s2s_auth_dane: Pause connection only if needed Kim Alvefur Thu, 12 Jun 2014 12:31:50 +0200
mod_s2s_auth_dane: Return if no certificate found Kim Alvefur Thu, 12 Jun 2014 12:30:39 +0200
mod_s2s_auth_dane: Cache logger to save some table lookups and improve readability Kim Alvefur Wed, 11 Jun 2014 12:50:57 +0200
mod_s2s_auth_dane: Fix potential traceback in logging if SRV target fails nameprep Kim Alvefur Mon, 19 May 2014 17:00:12 +0200
mod_s2s_auth_dane: Unreference DNS lookup when reply arrives (thanks LordVan) Kim Alvefur Mon, 19 May 2014 16:28:43 +0200
Backout 33f132c3f4b7 until 0.10 Kim Alvefur Thu, 15 May 2014 11:12:31 +0200
mod_s2s_auth_dane: Fix traceback if session.srv_hosts is nil Kim Alvefur Thu, 08 May 2014 15:43:58 +0200
mod_s2s_auth_dane: Change how TLSA support is detected Kim Alvefur Wed, 07 May 2014 17:08:47 +0200
mod_s2s_auth_dane: Fix logic precedence issue Kim Alvefur Wed, 07 May 2014 17:07:10 +0200
mod_s2s_auth_dane: Add support for DANE-TA and PKIX-CA (requires LuaSec changes) Kim Alvefur Sun, 27 Apr 2014 01:43:43 +0200
mod_s2s_auth_dane: Use PEM to DER function from util.x509 (0.10+) Kim Alvefur Sun, 27 Apr 2014 01:40:20 +0200
mod_s2s_auth_dane: Launch DANE queries when sending or receiving stream-features instead of monkeypatching s2sout.lib Kim Alvefur Sun, 27 Apr 2014 01:24:03 +0200
mod_s2s_auth_dane: Clean up no longer needed DNS replies Kim Alvefur Thu, 24 Apr 2014 18:34:10 +0200
mod_s2s_auth_dane: Skip dns queries for already authenticated s2sin connections Kim Alvefur Thu, 24 Apr 2014 18:33:13 +0200
mod_s2s_auth_dane: Remove non-working bogus handling Kim Alvefur Thu, 24 Apr 2014 18:32:25 +0200
mod_s2s_auth_dane: Break out DANE check into a function Kim Alvefur Thu, 24 Apr 2014 18:19:09 +0200
mod_s2s_auth_dane: Improve debug message and log it on the session Kim Alvefur Thu, 10 Apr 2014 22:40:11 +0200
mod_s2s_auth_dane: Merge functionality from mod_s2s_auth_dnssec_srv Kim Alvefur Mon, 24 Mar 2014 13:04:24 +0100
mod_s2s_auth_dane: Fix typo in debug statement Kim Alvefur Thu, 20 Mar 2014 15:55:37 +0100
mod_s2s_auth_dane: Pause s2sin while doing SRV and TLSA lookups, fixes race condition (Can haz util.async plz) Kim Alvefur Thu, 20 Mar 2014 15:31:15 +0100
mod_s2s_auth_dane: Fix tb when no hostname sent by remote Kim Alvefur Wed, 19 Mar 2014 19:48:06 +0100
mod_s2s_auth_dane: Verify that the SRV is secure Kim Alvefur Wed, 19 Mar 2014 14:33:10 +0100
mod_s2s_auth_dane: Abort module loading if luaunbound is unavailable Kim Alvefur Wed, 19 Mar 2014 14:04:09 +0100
mod_s2s_auth_dane: Drop support for domains without SRV for now Kim Alvefur Tue, 18 Mar 2014 16:09:51 +0100
mod_s2s_auth_dane: Fix for a17c2c4043e5 Kim Alvefur Tue, 18 Mar 2014 16:02:24 +0100
mod_s2s_auth_dane: Skip TLSA lookups if SRV is insecure Kim Alvefur Tue, 18 Mar 2014 15:54:08 +0100
mod_s2s_auth_dane: Hack for domains without SRV Kim Alvefur Tue, 18 Mar 2014 15:36:23 +0100
mod_s2s_auth_dane: Don't pass nil to hash functions in case of unsupported selectors Kim Alvefur Tue, 18 Mar 2014 15:20:28 +0100
mod_s2s_auth_dane: Back to _port._tcp.srvtarget.example.net Kim Alvefur Tue, 18 Mar 2014 15:12:11 +0100
mod_s2s_auth_dane: Bogus replies should have no RRdata Kim Alvefur Fri, 14 Mar 2014 14:30:33 +0100
mod_s2s_auth_dane: Comments and TODOs Kim Alvefur Fri, 14 Mar 2014 14:23:27 +0100
mod_s2s_auth_dane: Make supported DANE usages configurable, default to DANE-EE Kim Alvefur Fri, 14 Mar 2014 14:18:18 +0100
mod_s2s_auth_dane: Simplify, but diverge from DANE-SRV draft. Will now look for _xmpp-server.example.com IN TLSA for both directions Kim Alvefur Fri, 14 Mar 2014 14:15:56 +0100
mod_s2s_auth_dane: Only invalidate trust if we found any supported DANE records Kim Alvefur Tue, 11 Mar 2014 21:13:40 +0100
mod_s2s_auth_dane: Improve handling of bogus data Kim Alvefur Sun, 09 Mar 2014 23:17:17 +0100
mod_s2s_auth_dane: Only do TLSA lookup if it hasn't been attempted already Kim Alvefur Sun, 09 Mar 2014 23:08:41 +0100
mod_s2s_auth_dane: Fix inverted nil check Kim Alvefur Sun, 09 Mar 2014 14:09:24 +0100
mod_s2s_auth_dane: Do DANE lookups on outgoing stream features Kim Alvefur Sun, 09 Mar 2014 13:44:29 +0100
mod_s2s_auth_dane: Improve logging Kim Alvefur Sun, 09 Mar 2014 13:43:27 +0100
mod_s2s_auth_dane: More comment changes Kim Alvefur Sun, 09 Mar 2014 13:42:36 +0100
mod_s2s_auth_dane: Implement experimental method for doing DANE with client certificates on s2sin Kim Alvefur Sat, 08 Mar 2014 00:00:26 +0100
mod_s2s_auth_dane: Add some comments Kim Alvefur Fri, 07 Mar 2014 23:30:34 +0100
mod_s2s_auth_dane: Don't allow unencrypted connections if TLSA exists Kim Alvefur Wed, 05 Mar 2014 17:44:27 +0100
mod_s2s_auth_dane: Verify that the pubkey method exists when the SPKI selector is used Kim Alvefur Wed, 05 Mar 2014 17:42:15 +0100
mod_s2s_auth_dane: Delay s2sout state machine until we get TLSA reply Kim Alvefur Wed, 05 Mar 2014 17:40:44 +0100
mod_s2s_auth_dane: Comment updates Kim Alvefur Wed, 05 Mar 2014 17:38:36 +0100
Backed out changeset 853a382c9bd6 Kim Alvefur Fri, 28 Feb 2014 15:37:55 +0100
mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus) Kim Alvefur Fri, 28 Feb 2014 15:36:06 +0100
mod_s2s_auth_dane: Fix typo in comment (thanks albert) Kim Alvefur Sat, 04 Jan 2014 23:12:32 +0100
mod_s2s_auth_dane: Style fixes Kim Alvefur Sat, 04 Jan 2014 20:07:14 +0100
mod_s2s_auth_dane: Fix wording on validation failure Kim Alvefur Sat, 04 Jan 2014 20:04:12 +0100
mod_s2s_auth_dane: Invalidate trust if there are TLSA records but no matches, or bogus results Kim Alvefur Fri, 03 Jan 2014 15:14:26 +0100
mod_s2s_auth_dane: Warn about unsupported DANE params Kim Alvefur Fri, 03 Jan 2014 15:00:05 +0100
mod_s2s_auth_dane: Experimental DANE implementation Kim Alvefur Tue, 31 Dec 2013 02:16:19 +0100