core.certmanager: Expand debug messages about cert lookups in index
0.12
|
Kim Alvefur |
Mon, 16 May 2022 11:39:17 +0200 |
net: refactor sslconfig to not depend on LuaSec
|
Jonas Schäfer |
Sat, 02 Apr 2022 11:15:33 +0200 |
net: isolate LuaSec-specifics
|
Jonas Schäfer |
Wed, 27 Apr 2022 17:44:14 +0200 |
Merge config-updates+check-turn from timber
|
Matthew Wild |
Fri, 04 Mar 2022 16:33:41 +0000 |
core.certmanager: Turn soft dependency on LuaSec into a hard
|
Kim Alvefur |
Thu, 10 Feb 2022 17:15:55 +0100 |
core.certmanager: Ensure key exists for fullchain
|
Kim Alvefur |
Mon, 21 Feb 2022 08:54:39 +0100 |
core.certmanager: Relax certificate filename check #1713
|
Kim Alvefur |
Mon, 14 Feb 2022 18:29:31 +0100 |
core.certmanager: Use 'tls_profile' instead of 'tls_preset' to match documentation
|
Kim Alvefur |
Tue, 18 Jan 2022 11:52:35 +0100 |
core.certmanager: Apply TLS preset before global settings (thanks Menel)
|
Kim Alvefur |
Tue, 18 Jan 2022 08:04:16 +0100 |
core.certmanager: Disable DANE name checks (not needed for XMPP)
|
Kim Alvefur |
Thu, 16 Sep 2021 09:52:51 +0200 |
core.certmanager: Add curveslist to 'old' Mozilla TLS preset
|
Kim Alvefur |
Sun, 26 Dec 2021 00:05:16 +0100 |
core.certmanager: Check index for wildcard certs
|
Kim Alvefur |
Wed, 22 Dec 2021 15:13:49 +0100 |
prosodyctl cert: use the indexing functions for better UX
|
Jonas Schäfer |
Tue, 21 Dec 2021 21:20:21 +0100 |
core.certmanager: Rename preset option to 'tls_preset'
|
Kim Alvefur |
Wed, 22 Dec 2021 14:24:26 +0100 |
core.certmanager: Add "legacy" preset for keeping previous default settings
|
Kim Alvefur |
Wed, 22 Dec 2021 14:12:10 +0100 |
core.certmanager: Add TLS 1.3 cipher suites to Mozilla TLS presets
|
Kim Alvefur |
Wed, 03 Nov 2021 12:23:29 +0100 |
core.certmanager: Presets based on Mozilla SSL Configuration Generator
|
Kim Alvefur |
Sun, 22 Dec 2019 02:25:37 +0100 |
core.certmanager: Support 'use_dane' setting to enable DANE support
|
Kim Alvefur |
Sun, 18 Jul 2021 22:46:57 +0200 |
core.certmanager: Skip service certificate lookup for https client
|
Kim Alvefur |
Thu, 27 May 2021 09:22:07 +0200 |
Merge 0.11->trunk
|
Matthew Wild |
Thu, 13 May 2021 11:17:13 +0100 |
certmanager: Disable renegotiation by default
0.11
|
Matthew Wild |
Tue, 11 May 2021 14:14:15 +0100 |
core.certmanager: Test for SSL options in absence of LuaSec config
0.11
|
Kim Alvefur |
Mon, 26 Apr 2021 15:32:05 +0200 |
core.certmanager: Attempt to directly access LuaSec config table
0.11
|
Kim Alvefur |
Mon, 26 Apr 2021 15:30:13 +0200 |
core.certmanager: Catch error from lfs
|
Kim Alvefur |
Fri, 07 May 2021 16:47:58 +0200 |
core.certmanager: Resolve certs path relative to config dir
|
Kim Alvefur |
Fri, 07 May 2021 16:35:37 +0200 |
core.certmanager: Skip directly to guessing of key from cert filename
|
Kim Alvefur |
Wed, 05 May 2021 15:56:39 +0200 |
core.certmanager: Join paths with OS-aware util.paths function
|
Kim Alvefur |
Wed, 05 May 2021 15:54:05 +0200 |
core.certmanager: Build an index over certificates
|
Kim Alvefur |
Sat, 10 Apr 2021 14:45:40 +0200 |
core.certmanager: Check for complete filename
|
Kim Alvefur |
Sat, 10 Apr 2021 14:45:03 +0200 |
core.certmanager: Add comments explaining the 'verifyext' TLS settings
|
Kim Alvefur |
Sat, 06 Feb 2021 22:12:38 +0100 |
core.certmanager: Add TODO about LuaSec issue
|
Kim Alvefur |
Sun, 07 Jun 2020 02:12:50 +0200 |
Merge 0.11->trunk
|
Kim Alvefur |
Mon, 13 Apr 2020 16:14:39 +0200 |
core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513)
0.11
|
Kim Alvefur |
Sun, 25 Aug 2019 20:22:35 +0200 |
Merge 0.11->trunk
|
Kim Alvefur |
Fri, 10 Apr 2020 19:03:36 +0200 |
core.certmanager: Look for privkey.pem to go with fullchain.pem (fix #1526)
0.11
|
Kim Alvefur |
Fri, 10 Apr 2020 16:11:09 +0200 |
core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support)
|
Kim Alvefur |
Fri, 29 Nov 2019 23:24:14 +0100 |
core.certmanager: Lower severity for tls config not having cert
|
Kim Alvefur |
Sat, 07 Sep 2019 00:00:40 +0200 |
core.certmanager: Remove unused import [luacheck]
|
Kim Alvefur |
Sun, 25 Aug 2019 23:25:42 +0200 |
Remove COMPAT with temporary luasec fork
|
Kim Alvefur |
Sun, 25 Aug 2019 23:12:55 +0200 |
core.certmanager: Move EECDH ciphers before EDH in default cipherstring
|
Kim Alvefur |
Sun, 25 Aug 2019 20:22:35 +0200 |
core.certmanager: Do not ask for client certificates by default
|
Kim Alvefur |
Sun, 10 Mar 2019 19:58:28 +0100 |
Merge 0.10->trunk
|
Kim Alvefur |
Fri, 25 May 2018 03:33:13 +0200 |
core.certmanager: Allow all non-whitespace in service name (fixes #1019)
|
Kim Alvefur |
Fri, 25 May 2018 03:30:16 +0200 |
various: Add annotation when an empty environment is set [luacheck]
|
Kim Alvefur |
Wed, 28 Feb 2018 20:06:26 +0100 |
certmanager: Check for missing certificate before key in configuration (should be marginally less confusing)
|
Kim Alvefur |
Thu, 28 Dec 2017 17:32:56 +0100 |
certmanager: Set single curve conditioned on LuaSec advertising EC crypto support
|
Kim Alvefur |
Mon, 20 Nov 2017 00:27:26 +0100 |
certmanager: Filter out curves not supported by LuaSec
|
Kim Alvefur |
Mon, 20 Nov 2017 00:26:41 +0100 |
certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7
|
Kim Alvefur |
Mon, 20 Nov 2017 00:25:18 +0100 |
core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1
|
Kim Alvefur |
Wed, 27 Sep 2017 15:45:07 +0200 |
prosodyctl: cert import: Reuse function from certmanager for locating certificates and keys
|
Kim Alvefur |
Wed, 27 Sep 2017 15:21:20 +0200 |
certmanager: Add debug logging (thanks av6)
|
Matthew Wild |
Sat, 23 Sep 2017 17:13:29 +0100 |
certmanager: Update the 'certificates' option after the config has been reloaded (fixes #929)
|
Kim Alvefur |
Thu, 01 Jun 2017 14:03:50 +0200 |
core.certmanager: Translate "no start line" to something friendlier (thanks santiago)
|
Kim Alvefur |
Sat, 26 Nov 2016 20:08:48 +0100 |
core.certmanager: Split cipher list into array with comments explaining each part
|
Kim Alvefur |
Mon, 12 Sep 2016 15:49:24 +0200 |
certmanager: Assume default config path of '.' (fixes prosodyctl check certs when not installed)
|
Kim Alvefur |
Fri, 29 Jul 2016 11:24:28 +0200 |
certmanager: Explicitly tonumber() version number segments before doing arithmetic and avoid relying on implicit coercion (thanks David Favro)
|
Matthew Wild |
Sat, 26 Mar 2016 19:55:08 +0000 |
certmanager: Localize tonumber
|
Matthew Wild |
Thu, 18 Feb 2016 13:48:45 +0000 |
certmanager: Try filename.key if certificate is set to a full filename ending with .crt
|
Kim Alvefur |
Fri, 05 Feb 2016 16:12:01 +0100 |
certmanager: Apply global ssl config later so certificate/key is not overwritten by magic
|
Kim Alvefur |
Fri, 05 Feb 2016 15:03:39 +0100 |
certmanager: Support new certificate configuration for non-XMPP services too (fixes #614)
|
Matthew Wild |
Fri, 05 Feb 2016 00:03:41 +0000 |
core.certmanager: Look for certificate and key in a few different places
|
Kim Alvefur |
Wed, 03 Feb 2016 22:44:29 +0100 |
core.certmanager: Remove non-string filenames (allows setting eg capath to false to disable the built in default)
|
Kim Alvefur |
Sun, 11 Oct 2015 19:44:15 +0200 |
core.*: Remove use of module() function
|
Kim Alvefur |
Sat, 21 Feb 2015 10:42:19 +0100 |
certmanager: Fix compat for MattJ's old LuaSec fork
|
Kim Alvefur |
Thu, 05 Feb 2015 17:23:53 +0100 |
certmanager: Fix previous commit
|
Kim Alvefur |
Thu, 05 Feb 2015 17:21:05 +0100 |
certmanager: Limit certificate chain depth to 9
|
Kim Alvefur |
Thu, 05 Feb 2015 16:59:34 +0100 |
certmanager: Options that appear to be available since LuaSec 0.2
|
Kim Alvefur |
Thu, 05 Feb 2015 16:56:28 +0100 |
certmanager: Improve "detection" of features that depend on LuaSec version
|
Kim Alvefur |
Thu, 05 Feb 2015 16:20:50 +0100 |
certmanager: Add locals for ssl.context and ssl.x509
|
Kim Alvefur |
Thu, 05 Feb 2015 15:14:35 +0100 |
certmanager: Early return from the entire module if LuaSec is unavailable
|
Kim Alvefur |
Thu, 05 Feb 2015 15:10:23 +0100 |
certmanager: Make global variable access explicit
|
Matthew Wild |
Tue, 20 Jan 2015 11:29:38 +0000 |
certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren)
|
Kim Alvefur |
Sat, 22 Nov 2014 11:51:54 +0100 |
certmanager: Return final ssl config along with ssl context on success
|
Kim Alvefur |
Wed, 19 Nov 2014 14:47:03 +0100 |
Merge 0.9->0.10
|
Kim Alvefur |
Sun, 26 Oct 2014 20:57:06 +0100 |
certmanager, net.http: Disable SSLv3 by default
0.9.6
|
Matthew Wild |
Tue, 14 Oct 2014 18:55:08 +0100 |
core.certmanager: Make create_context() support an arbitrary number of option sets, merging all
|
Kim Alvefur |
Thu, 03 Jul 2014 15:32:26 +0200 |
core.certmanager: Use util.sslconfig
|
Kim Alvefur |
Thu, 03 Jul 2014 15:31:12 +0200 |
core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths
|
Kim Alvefur |
Fri, 09 May 2014 19:35:29 +0200 |
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)
|
Kim Alvefur |
Mon, 21 Apr 2014 02:43:09 +0200 |
certmanager: Fix traceback if no global 'ssl' section set (thanks albert)
|
Kim Alvefur |
Sun, 20 Apr 2014 21:25:26 +0200 |
certmanager: Update ssl_compression when config is reloaded
|
Kim Alvefur |
Tue, 15 Apr 2014 01:02:56 +0200 |
certmanager: Reformat core ssl defaults
|
Kim Alvefur |
Tue, 15 Apr 2014 00:49:17 +0200 |
certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols
|
Kim Alvefur |
Tue, 15 Apr 2014 00:45:07 +0200 |
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost
|
Kim Alvefur |
Tue, 15 Apr 2014 00:32:11 +0200 |
certmanager: Wrap long line and add comment
|
Kim Alvefur |
Mon, 14 Apr 2014 23:41:26 +0200 |
certmanager: Concatenate cipher list if given as a table
|
Kim Alvefur |
Mon, 14 Apr 2014 23:34:35 +0200 |
certmanager: Allow non-server contexts to be without certificate and key
|
Kim Alvefur |
Mon, 14 Apr 2014 23:09:28 +0200 |
certmanager: Check for non-nil values instead of true-ish values, allows removing defaults
|
Kim Alvefur |
Mon, 14 Apr 2014 23:00:44 +0200 |
Merge 0.9->0.10
|
Matthew Wild |
Thu, 21 Nov 2013 02:14:23 +0000 |
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys.
|
Matthew Wild |
Thu, 21 Nov 2013 02:11:09 +0000 |
Merge 0.9->0.10
|
Matthew Wild |
Tue, 12 Nov 2013 02:23:02 +0000 |
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
|
Matthew Wild |
Tue, 12 Nov 2013 02:13:01 +0000 |
Merge 0.9->0.10
|
Matthew Wild |
Sun, 10 Nov 2013 18:49:34 +0000 |
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES)
|
Matthew Wild |
Sun, 10 Nov 2013 18:46:48 +0000 |
Merge 0.9->0.10
|
Matthew Wild |
Sat, 09 Nov 2013 18:36:32 +0000 |
certmanager: Fix order of options, so that the dynamic option is at the end of the array
|
Matthew Wild |
Sat, 09 Nov 2013 17:54:21 +0000 |
certmanager: Default to using the server's cipher preference order by default, as clients have been shown to commonly select weak and insecure ciphers even when they support stronger ones
|
Matthew Wild |
Sat, 09 Nov 2013 17:50:19 +0000 |
Merge 0.9 -> 0.10
|
Kim Alvefur |
Thu, 31 Oct 2013 20:47:57 +0100 |
certmanager: Disable SSLv3 by default
|
Kim Alvefur |
Thu, 31 Oct 2013 19:00:36 +0100 |
certmanager: Fix. Again.
|
Kim Alvefur |
Tue, 15 Oct 2013 10:47:34 +0200 |
certmanager: Add back single_dh_use and single_ecdh_use to default options (Zash breaks, Zash unbreaks)
|
Kim Alvefur |
Tue, 15 Oct 2013 01:37:16 +0200 |
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
|
Kim Alvefur |
Tue, 03 Sep 2013 15:43:59 +0200 |
Merge 0.9->trunk
|
Kim Alvefur |
Tue, 03 Sep 2013 13:43:39 +0200 |
certmanager: Fix dhparam callback, missing imports (Testing, pfft)
0.9.1
|
Kim Alvefur |
Tue, 03 Sep 2013 13:40:29 +0200 |
Merge 0.9->trunk
|
Matthew Wild |
Tue, 03 Sep 2013 12:32:18 +0100 |
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
|
Kim Alvefur |
Tue, 03 Sep 2013 13:13:31 +0200 |
certmanager: Fix for working around a bug with LuaSec 0.4.1 that causes it to not honour the 'ciphers' option. This change will apply 0.9's default cipher string for LuaSec 0.4.1 users.
|
Matthew Wild |
Tue, 03 Sep 2013 12:11:11 +0100 |
Remove all trailing whitespace
|
Florian Zeitz |
Fri, 09 Aug 2013 17:48:21 +0200 |
Merge 0.9->trunk
|
Matthew Wild |
Sat, 13 Jul 2013 13:17:53 +0100 |
certmanager: Set our own default cipher string, which includes only ciphers regarded as 'HIGH' strength (by OpenSSL). In particular this disables RC4.
|
Matthew Wild |
Sat, 13 Jul 2013 13:15:24 +0100 |
certmanager: Overhaul of how ssl configs are built.
|
Kim Alvefur |
Thu, 13 Jun 2013 17:44:42 +0200 |
Merge 0.9->trunk
|
Matthew Wild |
Thu, 13 Jun 2013 00:46:29 +0100 |
certmanager: Add single_dh_use and single_ecdh_use to default options
|
Matthew Wild |
Thu, 13 Jun 2013 00:45:41 +0100 |
Merge 0.9->trunk
|
Matthew Wild |
Thu, 13 Jun 2013 00:09:56 +0100 |
certmanager: Set ssl.curve to 'secp384r1' by default, to enable ECC ciphers
|
Matthew Wild |
Thu, 13 Jun 2013 00:04:04 +0100 |
Merge 0.9->trunk
|
Matthew Wild |
Tue, 11 Jun 2013 21:50:41 +0100 |
certmanager: Use 'curve' and 'dhparam' options from ssl config if present
|
Matthew Wild |
Tue, 11 Jun 2013 21:44:53 +0100 |
certmanager: Complain if key or certificate is missing from SSL config.
|
Kim Alvefur |
Fri, 07 Jun 2013 20:55:02 +0200 |
certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x)
|
Matthew Wild |
Wed, 22 May 2013 14:32:02 +0100 |
core.*: Complete removal of all traces of the "core" section and section-related code.
|
Kim Alvefur |
Sat, 23 Mar 2013 02:33:15 +0100 |