|
core.certmanager: Allow all non-whitespace in service name (fixes #1019)
|
Kim Alvefur |
2018-05-25 |
|
vairious: Add annotation when an empty environment is set [luacheck]
|
Kim Alvefur |
2018-02-28 |
|
certmanager: Check for missing certificate before key in configuration (should be marginally less confusing)
|
Kim Alvefur |
2017-12-28 |
|
certmanager: Set single curve conditioned on LuaSec advertising EC crypto support
|
Kim Alvefur |
2017-11-19 |
|
certmanager: Filter out curves not supported by LuaSec
|
Kim Alvefur |
2017-11-19 |
|
certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7
|
Kim Alvefur |
2017-11-19 |
|
core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1
|
Kim Alvefur |
2017-09-27 |
|
prosodyctl: cert import: Reuse function from certmanager for locating certificates and keys
|
Kim Alvefur |
2017-09-27 |
|
certmanager: Add debug logging (thanks av6)
|
Matthew Wild |
2017-09-23 |
|
certmanager: Update the 'certificates' option after the config has been reloaded (fixes #929)
|
Kim Alvefur |
2017-06-01 |
|
core.certmanager: Translate "no start line" to something friendlier (thanks santiago)
|
Kim Alvefur |
2016-11-26 |
|
core.certmanager: Split cipher list into array with comments explaining each part
|
Kim Alvefur |
2016-09-12 |
|
certmanager: Assume default config path of '.' (fixes prosodyctl check certs when not installed)
|
Kim Alvefur |
2016-07-29 |
|
certmanager: Explicitly tonumber() version number segments before doing arithmetic and avoid relying on implicit coercion (thanks David Favro)
|
Matthew Wild |
2016-03-26 |
|
certmanager: Localize tonumber
|
Matthew Wild |
2016-02-18 |
|
certmanager: Try filename.key if certificate is set to a full filename ending with .crt
|
Kim Alvefur |
2016-02-05 |
|
certmanager: Apply global ssl config later so certificate/key is not overwritten by magic
|
Kim Alvefur |
2016-02-05 |
|
certmanager: Support new certificate configuration for non-XMPP services too (fixes #614)
|
Matthew Wild |
2016-02-05 |
|
core.certmanager: Look for certificate and key in a few different places
|
Kim Alvefur |
2016-02-03 |
|
core.certmanager: Remove non-string filenames (allows setting eg capath to false to disable the built in default)
|
Kim Alvefur |
2015-10-11 |
|
core.*: Remove use of module() function
|
Kim Alvefur |
2015-02-21 |
|
certmanager: Fix compat for MattJs old LuaSec fork
|
Kim Alvefur |
2015-02-05 |
|
certmanager: Fix previous commit
|
Kim Alvefur |
2015-02-05 |
|
certmanager: Limit certificate chain depth to 9
|
Kim Alvefur |
2015-02-05 |
|
certmanager: Options that appear to be available since LuaSec 0.2
|
Kim Alvefur |
2015-02-05 |
|
certmanager: Improve "detection" of features that depend on LuaSec version
|
Kim Alvefur |
2015-02-05 |
|
certmanager: Add locals for ssl.context and ssl.x509
|
Kim Alvefur |
2015-02-05 |
|
certmanager: Early return from the entire module if LuaSec is unavailable
|
Kim Alvefur |
2015-02-05 |
|
certmanager: Make global variable access explicit
|
Matthew Wild |
2015-01-20 |
|
certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren)
|
Kim Alvefur |
2014-11-22 |
|
certmanager: Return final ssl config along with ssl context on success
|
Kim Alvefur |
2014-11-19 |
|
Merge 0.9->0.10
|
Kim Alvefur |
2014-10-26 |
|
certmanager, net.http: Disable SSLv3 by default
0.9.6
|
Matthew Wild |
2014-10-14 |
|
core.certmanager: Make create_context() support an arbitrary number of option sets, merging all
|
Kim Alvefur |
2014-07-03 |
|
core.certmanager: Use util.sslconfig
|
Kim Alvefur |
2014-07-03 |
|
core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths
|
Kim Alvefur |
2014-05-09 |
|
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)
|
Kim Alvefur |
2014-04-21 |
|
certmanager: Fix traceback if no global 'ssl' section set (thanks albert)
|
Kim Alvefur |
2014-04-20 |
|
certmanager: Update ssl_compression when config is reloaded
|
Kim Alvefur |
2014-04-14 |
|
certmanager: Reformat core ssl defaults
|
Kim Alvefur |
2014-04-14 |
|
certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols
|
Kim Alvefur |
2014-04-14 |
|
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost
|
Kim Alvefur |
2014-04-14 |
|
certmanager: Wrap long line and add comment
|
Kim Alvefur |
2014-04-14 |
|
certmanager: Concatenate cipher list if given as a table
|
Kim Alvefur |
2014-04-14 |
|
certmanager: Allow non-server contexts to be without certificate and key
|
Kim Alvefur |
2014-04-14 |
|
certmanager: Check for non-nil values instead of true-ish values, allows removing defaults
|
Kim Alvefur |
2014-04-14 |
|
Merge 0.9->0.10
|
Matthew Wild |
2013-11-21 |
|
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys.
|
Matthew Wild |
2013-11-21 |
|
Merge 0.9->0.10
|
Matthew Wild |
2013-11-12 |
|
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
|
Matthew Wild |
2013-11-12 |
|
Merge 0.9->0.10
|
Matthew Wild |
2013-11-10 |
|
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES)
|
Matthew Wild |
2013-11-10 |
|
Merge 0.9->0.10
|
Matthew Wild |
2013-11-09 |
|
certmanager: Fix order of options, so that the dynamic option is at the end of the array
|
Matthew Wild |
2013-11-09 |
|
certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones
|
Matthew Wild |
2013-11-09 |
|
Merge 0.9 -> 0.10
|
Kim Alvefur |
2013-10-31 |
|
certmanager: Disable SSLv3 by default
|
Kim Alvefur |
2013-10-31 |
|
certmanager: Fix. Again.
|
Kim Alvefur |
2013-10-15 |
|
certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks)
|
Kim Alvefur |
2013-10-14 |
|
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
|
Kim Alvefur |
2013-09-03 |
|
Merge 0.9->trunk
|
Kim Alvefur |
2013-09-03 |
|
certmanager: Fix dhparam callback, missing imports (Testing, pfft)
0.9.1
|
Kim Alvefur |
2013-09-03 |
|
Merge 0.9->trunk
|
Matthew Wild |
2013-09-03 |
|
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
|
Kim Alvefur |
2013-09-03 |
|
certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users.
|
Matthew Wild |
2013-09-03 |
|
Remove all trailing whitespace
|
Florian Zeitz |
2013-08-09 |
|
Merge 0.9->trunk
|
Matthew Wild |
2013-07-13 |
|
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
|
Matthew Wild |
2013-07-13 |
|
certmanager: Overhaul of how ssl configs are built.
|
Kim Alvefur |
2013-06-13 |
|
Merge 0.9->trunk
|
Matthew Wild |
2013-06-12 |
|
certmanager: Add single_dh_use and single_ecdh_use to default options
|
Matthew Wild |
2013-06-12 |
|
Merge 0.9->trunk
|
Matthew Wild |
2013-06-12 |
|
certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers
|
Matthew Wild |
2013-06-12 |
|
Merge 0.9->trunk
|
Matthew Wild |
2013-06-11 |
|
certmanager: Use 'curve' and 'dhparam' options from ssl config if present
|
Matthew Wild |
2013-06-11 |
|
certmanager: Complain if key or certificate is missing from SSL config.
|
Kim Alvefur |
2013-06-07 |
|
certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x)
|
Matthew Wild |
2013-05-22 |
|
core.*: Complete removal of all traces of the "core" section and section-related code.
|
Kim Alvefur |
2013-03-23 |
|
certmanager: Fix nil index if no LuaSec available
|
Kim Alvefur |
2013-01-07 |
|
core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg
|
Kim Alvefur |
2012-12-28 |
|
certmanager: Remove unused import of setmetatable
|
Matthew Wild |
2012-07-23 |
|
certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON)
|
Matthew Wild |
2012-07-23 |
|
certmanager: Fix traceback for missing LuaSec (thanks Link Mauve)
|
Matthew Wild |
2012-07-23 |
|
certmanager: Add quotes around cert file path when logging.
|
Waqas Hussain |
2012-06-12 |
|
certmanager: tonumber() (fix for 0b8134015635)
|
Matthew Wild |
2012-05-19 |
|
certmanager: Don't use no_ticket option before LuaSec 0.4
|
Matthew Wild |
2012-05-19 |
|
certmanager: no_ticket is not a verification option (thanks Zash)
|
Matthew Wild |
2012-05-18 |
|
certmanager: Add no_ticket option for OpenSSL (we don't support resumption yet)
|
Matthew Wild |
2012-05-17 |
|
certmanager: Adjust error messages to be non-specific about 'host' (so we can specify a service name instead ffor SSL)
|
Matthew Wild |
2012-05-11 |
|
core.certmanager: Log a message when a password is required but not supplied. fixes #214
|
Kim Alvefur |
2012-04-21 |
|
certmanager: More informative logging.
|
Waqas Hussain |
2011-11-01 |
|
certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option.
|
Waqas Hussain |
2011-08-25 |
|
certmanager: Add required verify flags for cert verification if LuaSec (probably) supports them
|
Matthew Wild |
2010-11-28 |
|
prosody, configmanager, certmanager: Relocate prosody.resolve_relative_path() to configmanager, and update certmanager (the only user of this function)
|
Matthew Wild |
2010-11-10 |
|
certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls
|
Matthew Wild |
2010-11-06 |
|
Monster whitespace commit (beware the whitespace monster).
|
Waqas Hussain |
2010-10-16 |
|
prosody.resolve_relative_path: Updated to take a parent path to resolve against.
|
Waqas Hussain |
2010-07-23 |
|
Merge 0.7->trunk
|
Matthew Wild |
2010-07-23 |
|
certmanager: Don't disable LuaSec and future cert loading on failure, and add error messages to the no LuaSec/config cases (thanks Jakob)
|
Matthew Wild |
2010-07-23 |
|
Merge with backout
|
Matthew Wild |
2010-07-15 |
|
Backed out changeset 598c33a99a31 (already fixed a better way)
|
Matthew Wild |
2010-07-15 |
|
certmanager: Fix to handle the case of no SSL configuration at all
|
Matthew Wild |
2010-07-14 |
|
certmanager: Added copyright header.
|
Waqas Hussain |
2010-07-15 |
|
certmanager: Defined default_capath to prevent a global nil access.
|
Waqas Hussain |
2010-07-15 |
|
certmanager: Use an empty table as the default ssl config when a global 'ssl' config option isn't specified (fixes a top-level traceback on startup).
|
Waqas Hussain |
2010-07-15 |
|
certmanager: Remove debug logging accidentally committed
|
Matthew Wild |
2010-07-13 |
|
certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
|
Matthew Wild |
2010-07-13 |
|
certmanager: Friendlier error reporting on OpenWRT and other cases where we don't understand the OpenSSL error
|
Matthew Wild |
2010-03-05 |
|
certmanager: Fix nil global access (thanks Marc)
|
Matthew Wild |
2010-03-05 |
|
certmanager: Fix global access
|
Matthew Wild |
2010-03-01 |
|
Merge with 0.7
|
Matthew Wild |
2010-02-13 |
|
certmanager: Bring back the friendly errors when failing to load the key/certificate file
|
Matthew Wild |
2010-02-13 |
|
certmanager, hostmanager: Rename get_context() to create_context() to be more explicit about what it does
|
Matthew Wild |
2010-02-13 |
|
certmanager: Fix traceback with no LuaSec
|
Matthew Wild |
2010-02-05 |
|
certmanager: Tabs not spaces!
|
Matthew Wild |
2010-02-05 |
|
certmanager: Hello world, I'm come to manage your SSL contexts
|
Matthew Wild |
2010-01-31 |
