Log

mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 4387:e5b4ebacbf7a

description author age
mod_s2s_auth_dane: Fix typo in comment [codespell] Kim Alvefur 2018-02-04
mod_s2s_auth_dane: Use util.async if available (current prosody trunk) Kim Alvefur 2016-06-01
mod_s2s_auth_dane: Move pausing code to a function Kim Alvefur 2016-05-28
Backed out changeset f00cbfb812cd, it only half-worked and broke things Kim Alvefur 2016-05-28
mod_s2s_auth_dane: Remove unused local Kim Alvefur 2016-05-26
mod_s2s_auth_dane: Attempt a new approach to async lookups that doesn't depend on connection pausing Kim Alvefur 2016-05-26
mod_s2s_auth_dane: Make sure dane field has correct type Kim Alvefur 2016-05-26
mod_s2s_auth_dane: Correct message about not being able to support SPKI Kim Alvefur 2016-01-31
mod_s2s_auth_dane: Check if cert:pubkey() is available Kim Alvefur 2016-01-23
mod_s2s_auth_dane: Warn only if there enabled uses that can't be supported Kim Alvefur 2016-01-11
mod_s2s_auth_dane: More DNS related debug logging Kim Alvefur 2015-12-12
mod_s2s_auth_dane: Abort on bogus reply to SRV lookup Kim Alvefur 2015-12-12
mod_s2s_auth_dane: Log as much as possible through session logger instance Kim Alvefur 2015-12-12
mod_s2s_auth_dane: Add a telnet console command that exposes DANE information Kim Alvefur 2015-12-10
mod_s2s_auth_dane: Keep DANE response around after the connection is established to aid in debugging Kim Alvefur 2015-12-10
mod_s2s_auth_dane: Some more verbose debug logging Kim Alvefur 2015-12-10
mod_s2s_auth_dane: Consider TLSA records with PKIX uses as supported (if enabled) even if the chain is invalid (if no match is found the session is considered insecure) Kim Alvefur 2015-11-16
mod_s2s_auth_dane: Consider the current certificate chain status before checking PKIX-{EE,CA} TLSA records Kim Alvefur 2015-11-05
mod_s2s_auth_dane: Support servers without SRV records by falling back to port 5269 and the bare hostname for TLSA lookups Kim Alvefur 2015-11-05
mod_s2s_auth_dane: Ignore mutating of the 'module' global, that is ok in prosody plugins [luacheck] Kim Alvefur 2015-05-21
mod_s2s_auth_dane: Validate names of DANE-TA certs Kim Alvefur 2015-05-21
mod_s2s_auth_dane: Simplify cases where there are only one SRV record Kim Alvefur 2015-05-05
mod_s2s_auth_dane: Don't count number of RRs in DNS reply if the DNS lib already did Kim Alvefur 2015-05-05
mod_s2s_auth_dane: Abort earlier for sessions from hosts that don't say who they are Kim Alvefur 2015-04-13
mod_s2s_auth_dane: Demote log message about failure to ASCII-ify hostname from error to warning Kim Alvefur 2015-04-13
mod_s2s_auth_dane: Cleanup [luacheck] Kim Alvefur 2015-04-07
mod_s2s_auth_dane: Update for recent changes in Zashs LuaSec branch Kim Alvefur 2015-03-31
mod_s2s_auth_dane: Comments and cleanup Kim Alvefur 2015-03-16
mod_s2s_auth_dane: Include hostname when logging a failure Kim Alvefur 2014-09-16
mod_s2s_auth_dane: Fix stringprepping when doing "DANE Light" Kim Alvefur 2014-09-16
mod_s2s_auth_dane: Fix traceback caused by LuaSec not being loaded Kim Alvefur 2014-09-14
mod_s2s_auth_dane: Tweak log messages Kim Alvefur 2014-06-15
mod_s2s_auth_dane: Add some more info to log messages Kim Alvefur 2014-06-13
mod_s2s_auth_dane: Pause connection only if needed Kim Alvefur 2014-06-12
mod_s2s_auth_dane: Return if no certificate found Kim Alvefur 2014-06-12
mod_s2s_auth_dane: Cache logger to save some table lookups and improve readability Kim Alvefur 2014-06-11
mod_s2s_auth_dane: Fix potential traceback in logging if SRV target fails nameprep Kim Alvefur 2014-05-19
mod_s2s_auth_dane: Unreference DNS lookup when reply arrives (thanks LordVan) Kim Alvefur 2014-05-19
Backout 33f132c3f4b7 until 0.10 Kim Alvefur 2014-05-15
mod_s2s_auth_dane: Fix traceback if session.srv_hosts is nil Kim Alvefur 2014-05-08
mod_s2s_auth_dane: Change how TLSA support is detected Kim Alvefur 2014-05-07
mod_s2s_auth_dane: Fix logic precedence issue Kim Alvefur 2014-05-07
mod_s2s_auth_dane: Add support for DANE-TA and PKIX-CA (requires LuaSec changes) Kim Alvefur 2014-04-26
mod_s2s_auth_dane: Use PEM to DER function from util.x509 (0.10+) Kim Alvefur 2014-04-26
mod_s2s_auth_dane: Launch DANE queries when sending or receiving stream-features instead of monkeypatching s2sout.lib Kim Alvefur 2014-04-26
mod_s2s_auth_dane: Clean up no longer needed DNS replies Kim Alvefur 2014-04-24
mod_s2s_auth_dane: Skip dns queries for already authenticated s2sin connections Kim Alvefur 2014-04-24
mod_s2s_auth_dane: Remove non-working bogus handling Kim Alvefur 2014-04-24
mod_s2s_auth_dane: Break out DANE check into a function Kim Alvefur 2014-04-24
mod_s2s_auth_dane: Improve debug message and log it on the session Kim Alvefur 2014-04-10
mod_s2s_auth_dane: Merge functionality from mod_s2s_auth_dnssec_srv Kim Alvefur 2014-03-24
mod_s2s_auth_dane: Fix typo in debug statement Kim Alvefur 2014-03-20
mod_s2s_auth_dane: Pause s2sin while doing SRV and TLSA lookups, fixes race condition (Can haz util.async plz) Kim Alvefur 2014-03-20
mod_s2s_auth_dane: Fix tb when no hostname sent by remote Kim Alvefur 2014-03-19
mod_s2s_auth_dane: Verify that the SRV is secure Kim Alvefur 2014-03-19
mod_s2s_auth_dane: Abort module loading if luaunbound is unavailable Kim Alvefur 2014-03-19
mod_s2s_auth_dane: Drop support for domains without SRV for now Kim Alvefur 2014-03-18
mod_s2s_auth_dane: Fix for a17c2c4043e5 Kim Alvefur 2014-03-18
mod_s2s_auth_dane: Skip TLSA lookups if SRV is insecure Kim Alvefur 2014-03-18
mod_s2s_auth_dane: Hack for domains without SRV Kim Alvefur 2014-03-18
mod_s2s_auth_dane: Don't pass nil to hash functions in case of unsupported selectors Kim Alvefur 2014-03-18
mod_s2s_auth_dane: Back to _port._tcp.srvtarget.example.net Kim Alvefur 2014-03-18
mod_s2s_auth_dane: Bogus replies should have no RRdata Kim Alvefur 2014-03-14
mod_s2s_auth_dane: Comments and TODOs Kim Alvefur 2014-03-14
mod_s2s_auth_dane: Make supported DANE usages configurable, default to DANE-EE Kim Alvefur 2014-03-14
mod_s2s_auth_dane: Simplify, but diverge from DANE-SRV draft. Will now look for _xmpp-server.example.com IN TLSA for both directions Kim Alvefur 2014-03-14
mod_s2s_auth_dane: Only invalidate trust if we found any supported DANE records Kim Alvefur 2014-03-11
mod_s2s_auth_dane: Improve handling of bogus data Kim Alvefur 2014-03-09
mod_s2s_auth_dane: Only do TLSA lookup if it hasn't been attempted already Kim Alvefur 2014-03-09
mod_s2s_auth_dane: Fix inverted nil check Kim Alvefur 2014-03-09
mod_s2s_auth_dane: Do DANE lookups on outgoing stream features Kim Alvefur 2014-03-09
mod_s2s_auth_dane: Improve logging Kim Alvefur 2014-03-09
mod_s2s_auth_dane: More comment changes Kim Alvefur 2014-03-09
mod_s2s_auth_dane: Implement experimental method for doing DANE with client certificates on s2sin Kim Alvefur 2014-03-07
mod_s2s_auth_dane: Add some comments Kim Alvefur 2014-03-07
mod_s2s_auth_dane: Don't allow unencrypted connections if TLSA exists Kim Alvefur 2014-03-05
mod_s2s_auth_dane: Verify that the pubkey method exists when the SPKI selector is used Kim Alvefur 2014-03-05
mod_s2s_auth_dane: Delay s2sout state machine until we get TLSA reply Kim Alvefur 2014-03-05
mod_s2s_auth_dane: Comment updates Kim Alvefur 2014-03-05
Backed out changeset 853a382c9bd6 Kim Alvefur 2014-02-28
mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus) Kim Alvefur 2014-02-28
mod_s2s_auth_dane: Fix typo in comment (thanks albert) Kim Alvefur 2014-01-04
mod_s2s_auth_dane: Style fixes Kim Alvefur 2014-01-04
mod_s2s_auth_dane: Fix wording on validation failure Kim Alvefur 2014-01-04
mod_s2s_auth_dane: Invalidate trust if there are TLSA records but no matches, or bogus results Kim Alvefur 2014-01-03
mod_s2s_auth_dane: Warn about unsupported DANE params Kim Alvefur 2014-01-03
mod_s2s_auth_dane: Experimental DANE implementation Kim Alvefur 2013-12-31