Software / code / prosody
Annotate
util/caps.lua @ 10721:3a1b1d3084fb 0.11
core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513)
Backport of 94e341dee51c
The original intent of having kEDH before kEECDH was that if a `dhparam`
file was specified, this would be interpreted as a preference by the
admin for old and well-tested Diffie-Hellman key agreement over newer
elliptic curve ones. Otherwise the faster elliptic curve ciphersuites
would be preferred. This didn't really work as intended since this
affects the ClientHello on outgoing s2s connections, leading to some
servers using poorly configured kEDH.
With Debian shipping OpenSSL settings that enforce a higher security
level, this caused interoperability problems with servers that use DH
params smaller than 2048 bits. E.g. jabber.org at the time of this
writing has 1024 bit DH params.
MattJ says
> Curves have won, and OpenSSL is less weird about them now
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 25 Aug 2019 20:22:35 +0200 |
| parent | 8555:4f0f5b49bb03 |
| child | 12975:d10957394a3c |
| rev | line source |
|---|---|
|
3342
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 -- Prosody IM |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
3342
diff
changeset
|
4 -- |
|
3342
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 -- This project is MIT/X11 licensed. Please see the |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 -- COPYING file in the source package for more information. |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 -- |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local base64 = require "util.encodings".base64.encode; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 local sha1 = require "util.hashes".sha1; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 local t_insert, t_sort, t_concat = table.insert, table.sort, table.concat; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local ipairs = ipairs; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
|
6777
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
15 local _ENV = nil; |
|
8555
4f0f5b49bb03
vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents:
6777
diff
changeset
|
16 -- luacheck: std none |
|
3342
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
|
6777
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
18 local function calculate_hash(disco_info) |
|
3342
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 local identities, features, extensions = {}, {}, {}; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 for _, tag in ipairs(disco_info) do |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 if tag.name == "identity" then |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 t_insert(identities, (tag.attr.category or "").."\0"..(tag.attr.type or "").."\0"..(tag.attr["xml:lang"] or "").."\0"..(tag.attr.name or "")); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 elseif tag.name == "feature" then |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 t_insert(features, tag.attr.var or ""); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 elseif tag.name == "x" and tag.attr.xmlns == "jabber:x:data" then |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 local form = {}; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 local FORM_TYPE; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 for _, field in ipairs(tag.tags) do |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 if field.name == "field" and field.attr.var then |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 local values = {}; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 for _, val in ipairs(field.tags) do |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 val = #val.tags == 0 and val:get_text(); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 if val then t_insert(values, val); end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 t_sort(values); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 if field.attr.var == "FORM_TYPE" then |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 FORM_TYPE = values[1]; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 elseif #values > 0 then |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 t_insert(form, field.attr.var.."\0"..t_concat(values, "<")); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 else |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 t_insert(form, field.attr.var); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 t_sort(form); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 form = t_concat(form, "<"); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 if FORM_TYPE then form = FORM_TYPE.."\0"..form; end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 t_insert(extensions, form); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 t_sort(identities); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 t_sort(features); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 t_sort(extensions); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 if #identities > 0 then identities = t_concat(identities, "<"):gsub("%z", "/").."<"; else identities = ""; end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 if #features > 0 then features = t_concat(features, "<").."<"; else features = ""; end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 if #extensions > 0 then extensions = t_concat(extensions, "<"):gsub("%z", "<").."<"; else extensions = ""; end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 local S = identities..features..extensions; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 local ver = base64(sha1(S)); |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 return ver, S; |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 end |
|
20e99763a08a
util.caps: Entity capabilities hash generation (moved from mod_pep)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 |
|
6777
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
62 return { |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
63 calculate_hash = calculate_hash; |
|
5de6b93d0190
util.*: Remove use of module() function, make all module functions local and return them in a table at the end
Kim Alvefur <zash@zash.se>
parents:
5776
diff
changeset
|
64 }; |
