prosody
38c95544b7ee
util/helpers.lua
Software / code / prosody
File
util/helpers.lua @ 13289:38c95544b7ee
mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by default
This channel binding method is now enabled when a hash is manually set in the
config, or it attempts to discover the hash automatically if the value is the
special string "auto".
A related change to mod_c2s prevents complicated certificate lookups in the
client connection hot path - this work now happens only when this channel
binding method is used. I'm not aware of anything else that uses ssl_cfg (vs
ssl_ctx).
Rationale for disabling by default:
- Minor performance impact in automatic cert detection
- This method is weak against a leaked/stolen private key (other methods such
as 'tls-exporter' would not be compromised in such a case)
Rationale for keeping the implementation:
- For some deployments, this may be the only method available (e.g. due to
TLS offloading in another process/server).
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 26 Oct 2023 15:14:39 +0100 |
| parent | 12975:d10957394a3c |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- local debug = require "prosody.util.debug"; -- Helper functions for debugging local log = require "prosody.util.logger".init("util.debug"); local function log_events(events, name, logger) local f = events.fire_event; if not f then error("Object does not appear to be a util.events object"); end logger = logger or log; name = name or tostring(events); function events.fire_event(event, ...) logger("debug", "%s firing event: %s", name, event); return f(event, ...); end local function event_handler_hook(handler, event_name, event_data) logger("debug", "calling handler for %s: %s", event_name, handler); local ok, ret = pcall(handler, event_data); if not ok then logger("error", "error in event handler %s: %s", handler, ret); error(ret); end if ret ~= nil then logger("debug", "event chain ended for %s by %s with result: %s", event_name, handler, ret); end return ret; end events.set_debug_hook(event_handler_hook); events[events.fire_event] = f; return events; end local function revert_log_events(events) events.fire_event, events[events.fire_event] = events[events.fire_event], nil; -- :)) events.set_debug_hook(nil); end local function log_host_events(host) return log_events(prosody.hosts[host].events, host); end local function revert_log_host_events(host) return revert_log_events(prosody.hosts[host].events); end local function show_events(events, specific_event) local event_handlers = events._handlers; local events_array = {}; local event_handler_arrays = {}; for event, priorities in pairs(events._event_map) do local handlers = event_handlers[event]; if handlers and (event == specific_event or not specific_event) then table.insert(events_array, event); local handler_strings = {}; for i, handler in ipairs(handlers) do local upvals = debug.string_from_var_table(debug.get_upvalues_table(handler)); handler_strings[i] = " "..(priorities[handler] or "?")..": "..tostring(handler)..(upvals and ("\n "..upvals) or ""); end event_handler_arrays[event] = handler_strings; end end table.sort(events_array); local i = 1; while i <= #events_array do local handlers = event_handler_arrays[events_array[i]]; for j=#handlers, 1, -1 do table.insert(events_array, i+1, handlers[j]); end if i > 1 then events_array[i] = "\n"..events_array[i]; end i = i + #handlers + 1 end return table.concat(events_array, "\n"); end local function get_upvalue(f, get_name) local i, name, value = 0; repeat i = i + 1; name, value = debug.getupvalue(f, i); until name == get_name or name == nil; return value; end return { log_host_events = log_host_events; revert_log_host_events = revert_log_host_events; log_events = log_events; revert_log_events = revert_log_events; show_events = show_events; get_upvalue = get_upvalue; };
