Software / code / prosody
Annotate
doc/stanza_routing.txt @ 11749:83d6d6a70edf
net.http: fail open if surrounding code does not configure TLS
Previously, if surrounding code was not configuring the TLS context
used default in net.http, it would not validate certificates at all.
This is not a security issue with prosody, because prosody updates the
context with `verify = "peer"` as well as paths to CA certificates in
util.startup.init_http_client.
Nevertheless... Let's not leave this pitfall out there in the open.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Sun, 29 Aug 2021 15:04:47 +0200 |
| parent | 22:2856dfc1f5cc |
| rev | line source |
|---|---|
| 12 | 1 No 'to' attribute: |
| 2 IQ: Pass to appropriate handler | |
| 3 Presence: Broadcast to contacts | |
| 4 - if initial presence, also send out presence probes | |
| 5 - if probe would be to local user, generate presence stanza for them | |
| 6 Message: Route as if it is addressed to the bare JID of the sender | |
| 7 | |
| 8 To a local host: | |
| 9 IQ: Pass to appropriate handler | |
| 10 Presence: - | |
| 11 Message: Deliver to admin? | |
| 12 | |
| 13 To local contact: | |
| 14 Bare JID: | |
| 15 IQ: Pass to appropriate handler | |
| 16 Presence: Broadcast to all resources | |
| 17 Message: Route to 'best' resource | |
| 18 Full JID: | |
| 19 IQ: Send to resource | |
| 20 Presence: Send to resource | |
| 21 Message: Send to resource | |
| 21 | 22 Full JID but resource not connected: |
| 23 IQ: Return service-unavailable | |
| 24 Message: Handle same as if to bare JID | |
| 25 Presence: Drop (unless type=subscribe[ed]) | |
| 12 | 26 |
| 27 To remote contact: | |
| 28 Initiate s2s connection if necessary | |
| 29 Send stanza across | |
|
22
2856dfc1f5cc
Various documentation updates, and added names.txt :)
Matthew Wild <mwild1@gmail.com>
parents:
21
diff
changeset
|
30 |
