prosody
8da11142fabf
certs/openssl.cnf

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

certs/openssl.cnf @ 8791:8da11142fabf

muc: Allow clients to change multiple affiliations or roles at once (#345) According to XEP-0045 sections 9.2, 9.5 and 9.8 affiliation lists and role lists should allow mass-modification. Prosody however would just use the first entry of the list and ignore the rest. This is fixed by introducing a `for` loop to `set` stanzas of the respective `muc#admin` namespace. In order for this loop to work, the error handling was changed a little. Prosody no longer returns after the first error. Instead, an error reply is sent for each malformed or otherwise wrong entry, but the loop keeps going over the other entries. This may lead to multiple error messages being sent for one client request. A notable exception from this is when the XML Schema for `muc#admin` requests is violated. In that case the loop is aborted with an error message to the client. The change is a bit bigger than that in order to have the loop only for `set` stanzas without changing the behaviour of the `get` stanzas. This is now more in line with trunk, where there are separate methods for each stanza type. References: #345
author Lennart Sauerbeck <devel@lennart.sauerbeck.org>
date Sat, 18 Mar 2017 18:47:28 +0100
parent 6922:e0672860d208
child 12604:bd9e006a7a74
line wrap: on
line source

oid_section = new_oids

[ new_oids ]

# RFC 6120 section 13.7.1.4. defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5

# RFC 4985 defines this OID
SRVName  = 1.3.6.1.5.5.7.8.7

[ req ]

default_bits       = 4096
default_keyfile    = example.com.key
distinguished_name = distinguished_name
req_extensions     = certrequest
x509_extensions    = selfsigned

# ask about the DN?
prompt = no

[ distinguished_name ]

commonName             = example.com
countryName            = GB
localityName           = The Internet
organizationName       = Your Organisation
organizationalUnitName = XMPP Department
emailAddress           = xmpp@example.com

[ certrequest ]

# for certificate requests (req_extensions)

basicConstraints = CA:FALSE
keyUsage         = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName   = @subject_alternative_name

[ selfsigned ]

# and self-signed certificates (x509_extensions)

basicConstraints = CA:TRUE
subjectAltName = @subject_alternative_name

[ subject_alternative_name ]

# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info.

DNS.0       =                                           example.com
otherName.0 =                 xmppAddr;FORMAT:UTF8,UTF8:example.com
otherName.1 =            SRVName;IA5STRING:_xmpp-client.example.com
otherName.2 =            SRVName;IA5STRING:_xmpp-server.example.com

DNS.1       =                                conference.example.com
otherName.3 =      xmppAddr;FORMAT:UTF8,UTF8:conference.example.com
otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com