Log

mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1870:6a9f91ad4f95

description author age
mod_s2s_auth_dane: Ignore mutating of the 'module' global, that is ok in prosody plugins [luacheck] Kim Alvefur Thu, 21 May 2015 11:14:16 +0200
mod_s2s_auth_dane: Validate names of DANE-TA certs Kim Alvefur Thu, 21 May 2015 10:28:02 +0200
mod_s2s_auth_dane: Simplify cases where there are only one SRV record Kim Alvefur Wed, 06 May 2015 00:53:27 +0200
mod_s2s_auth_dane: Don't count number of RRs in DNS reply if the DNS lib already did Kim Alvefur Wed, 06 May 2015 00:51:46 +0200
mod_s2s_auth_dane: Abort earlier for sessions from hosts that don't say who they are Kim Alvefur Mon, 13 Apr 2015 13:36:38 +0200
mod_s2s_auth_dane: Demote log message about failure to ASCII-ify hostname from error to warning Kim Alvefur Mon, 13 Apr 2015 13:35:37 +0200
mod_s2s_auth_dane: Cleanup [luacheck] Kim Alvefur Tue, 07 Apr 2015 17:35:20 +0200
mod_s2s_auth_dane: Update for recent changes in Zashs LuaSec branch Kim Alvefur Tue, 31 Mar 2015 20:57:34 +0200
mod_s2s_auth_dane: Comments and cleanup Kim Alvefur Mon, 16 Mar 2015 16:19:53 +0100
mod_s2s_auth_dane: Include hostname when logging a failure Kim Alvefur Tue, 16 Sep 2014 19:55:54 +0200
mod_s2s_auth_dane: Fix stringprepping when doing "DANE Light" Kim Alvefur Tue, 16 Sep 2014 19:53:41 +0200
mod_s2s_auth_dane: Fix traceback caused by LuaSec not being loaded Kim Alvefur Sun, 14 Sep 2014 18:52:54 +0200
mod_s2s_auth_dane: Tweak log messages Kim Alvefur Sun, 15 Jun 2014 02:40:18 +0200
mod_s2s_auth_dane: Add some more info to log messages Kim Alvefur Fri, 13 Jun 2014 02:19:52 +0200
mod_s2s_auth_dane: Pause connection only if needed Kim Alvefur Thu, 12 Jun 2014 12:31:50 +0200
mod_s2s_auth_dane: Return if no certificate found Kim Alvefur Thu, 12 Jun 2014 12:30:39 +0200
mod_s2s_auth_dane: Cache logger to save some table lookups and improve readability Kim Alvefur Wed, 11 Jun 2014 12:50:57 +0200
mod_s2s_auth_dane: Fix potential traceback in logging if SRV target fails nameprep Kim Alvefur Mon, 19 May 2014 17:00:12 +0200
mod_s2s_auth_dane: Unreference DNS lookup when reply arrives (thanks LordVan) Kim Alvefur Mon, 19 May 2014 16:28:43 +0200
Backout 33f132c3f4b7 until 0.10 Kim Alvefur Thu, 15 May 2014 11:12:31 +0200
mod_s2s_auth_dane: Fix traceback if session.srv_hosts is nil Kim Alvefur Thu, 08 May 2014 15:43:58 +0200
mod_s2s_auth_dane: Change how TLSA support is detected Kim Alvefur Wed, 07 May 2014 17:08:47 +0200
mod_s2s_auth_dane: Fix logic precedence issue Kim Alvefur Wed, 07 May 2014 17:07:10 +0200
mod_s2s_auth_dane: Add support for DANE-TA and PKIX-CA (requires LuaSec changes) Kim Alvefur Sun, 27 Apr 2014 01:43:43 +0200
mod_s2s_auth_dane: Use PEM to DER function from util.x509 (0.10+) Kim Alvefur Sun, 27 Apr 2014 01:40:20 +0200
mod_s2s_auth_dane: Launch DANE queries when sending or receiving stream-features instead of monkeypatching s2sout.lib Kim Alvefur Sun, 27 Apr 2014 01:24:03 +0200
mod_s2s_auth_dane: Clean up no longer needed DNS replies Kim Alvefur Thu, 24 Apr 2014 18:34:10 +0200
mod_s2s_auth_dane: Skip dns queries for already authenticated s2sin connections Kim Alvefur Thu, 24 Apr 2014 18:33:13 +0200
mod_s2s_auth_dane: Remove non-working bogus handling Kim Alvefur Thu, 24 Apr 2014 18:32:25 +0200
mod_s2s_auth_dane: Break out DANE check into a function Kim Alvefur Thu, 24 Apr 2014 18:19:09 +0200
mod_s2s_auth_dane: Improve debug message and log it on the session Kim Alvefur Thu, 10 Apr 2014 22:40:11 +0200
mod_s2s_auth_dane: Merge functionality from mod_s2s_auth_dnssec_srv Kim Alvefur Mon, 24 Mar 2014 13:04:24 +0100
mod_s2s_auth_dane: Fix typo in debug statement Kim Alvefur Thu, 20 Mar 2014 15:55:37 +0100
mod_s2s_auth_dane: Pause s2sin while doing SRV and TLSA lookups, fixes race condition (Can haz util.async plz) Kim Alvefur Thu, 20 Mar 2014 15:31:15 +0100
mod_s2s_auth_dane: Fix tb when no hostname sent by remote Kim Alvefur Wed, 19 Mar 2014 19:48:06 +0100
mod_s2s_auth_dane: Verify that the SRV is secure Kim Alvefur Wed, 19 Mar 2014 14:33:10 +0100
mod_s2s_auth_dane: Abort module loading if luaunbound is unavailable Kim Alvefur Wed, 19 Mar 2014 14:04:09 +0100
mod_s2s_auth_dane: Drop support for domains without SRV for now Kim Alvefur Tue, 18 Mar 2014 16:09:51 +0100
mod_s2s_auth_dane: Fix for a17c2c4043e5 Kim Alvefur Tue, 18 Mar 2014 16:02:24 +0100
mod_s2s_auth_dane: Skip TLSA lookups if SRV is insecure Kim Alvefur Tue, 18 Mar 2014 15:54:08 +0100
mod_s2s_auth_dane: Hack for domains without SRV Kim Alvefur Tue, 18 Mar 2014 15:36:23 +0100
mod_s2s_auth_dane: Don't pass nil to hash functions in case of unsupported selectors Kim Alvefur Tue, 18 Mar 2014 15:20:28 +0100
mod_s2s_auth_dane: Back to _port._tcp.srvtarget.example.net Kim Alvefur Tue, 18 Mar 2014 15:12:11 +0100
mod_s2s_auth_dane: Bogus replies should have no RRdata Kim Alvefur Fri, 14 Mar 2014 14:30:33 +0100
mod_s2s_auth_dane: Comments and TODOs Kim Alvefur Fri, 14 Mar 2014 14:23:27 +0100
mod_s2s_auth_dane: Make supported DANE usages configurable, default to DANE-EE Kim Alvefur Fri, 14 Mar 2014 14:18:18 +0100
mod_s2s_auth_dane: Simplify, but diverge from DANE-SRV draft. Will now look for _xmpp-server.example.com IN TLSA for both directions Kim Alvefur Fri, 14 Mar 2014 14:15:56 +0100
mod_s2s_auth_dane: Only invalidate trust if we found any supported DANE records Kim Alvefur Tue, 11 Mar 2014 21:13:40 +0100
mod_s2s_auth_dane: Improve handling of bogus data Kim Alvefur Sun, 09 Mar 2014 23:17:17 +0100
mod_s2s_auth_dane: Only do TLSA lookup if it hasn't been attempted already Kim Alvefur Sun, 09 Mar 2014 23:08:41 +0100
mod_s2s_auth_dane: Fix inverted nil check Kim Alvefur Sun, 09 Mar 2014 14:09:24 +0100
mod_s2s_auth_dane: Do DANE lookups on outgoing stream features Kim Alvefur Sun, 09 Mar 2014 13:44:29 +0100
mod_s2s_auth_dane: Improve logging Kim Alvefur Sun, 09 Mar 2014 13:43:27 +0100
mod_s2s_auth_dane: More comment changes Kim Alvefur Sun, 09 Mar 2014 13:42:36 +0100
mod_s2s_auth_dane: Implement experimental method for doing DANE with client certificates on s2sin Kim Alvefur Sat, 08 Mar 2014 00:00:26 +0100
mod_s2s_auth_dane: Add some comments Kim Alvefur Fri, 07 Mar 2014 23:30:34 +0100
mod_s2s_auth_dane: Don't allow unencrypted connections if TLSA exists Kim Alvefur Wed, 05 Mar 2014 17:44:27 +0100
mod_s2s_auth_dane: Verify that the pubkey method exists when the SPKI selector is used Kim Alvefur Wed, 05 Mar 2014 17:42:15 +0100
mod_s2s_auth_dane: Delay s2sout state machine until we get TLSA reply Kim Alvefur Wed, 05 Mar 2014 17:40:44 +0100
mod_s2s_auth_dane: Comment updates Kim Alvefur Wed, 05 Mar 2014 17:38:36 +0100