Log

core/certmanager.lua @ 10338:56a0f68b7797

description author age
core.certmanager: Lower severity for tls config not having cert Kim Alvefur 2019-09-06
core.certmanager: Remove unused import [luacheck] Kim Alvefur 2019-08-25
Remove COMPAT with temporary luasec fork Kim Alvefur 2019-08-25
core.certmanager: Move EECDH ciphers before EDH in default cipherstring Kim Alvefur 2019-08-25
core.certmanager: Do not ask for client certificates by default Kim Alvefur 2019-03-10
Merge 0.10->trunk Kim Alvefur 2018-05-25
core.certmanager: Allow all non-whitespace in service name (fixes #1019) Kim Alvefur 2018-05-25
vairious: Add annotation when an empty environment is set [luacheck] Kim Alvefur 2018-02-28
certmanager: Check for missing certificate before key in configuration (should be marginally less confusing) Kim Alvefur 2017-12-28
certmanager: Set single curve conditioned on LuaSec advertising EC crypto support Kim Alvefur 2017-11-19
certmanager: Filter out curves not supported by LuaSec Kim Alvefur 2017-11-19
certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7 Kim Alvefur 2017-11-19
core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1 Kim Alvefur 2017-09-27
prosodyctl: cert import: Reuse function from certmanager for locating certificates and keys Kim Alvefur 2017-09-27
certmanager: Add debug logging (thanks av6) Matthew Wild 2017-09-23
certmanager: Update the 'certificates' option after the config has been reloaded (fixes #929) Kim Alvefur 2017-06-01
core.certmanager: Translate "no start line" to something friendlier (thanks santiago) Kim Alvefur 2016-11-26
core.certmanager: Split cipher list into array with comments explaining each part Kim Alvefur 2016-09-12
certmanager: Assume default config path of '.' (fixes prosodyctl check certs when not installed) Kim Alvefur 2016-07-29
certmanager: Explicitly tonumber() version number segments before doing arithmetic and avoid relying on implicit coercion (thanks David Favro) Matthew Wild 2016-03-26
certmanager: Localize tonumber Matthew Wild 2016-02-18
certmanager: Try filename.key if certificate is set to a full filename ending with .crt Kim Alvefur 2016-02-05
certmanager: Apply global ssl config later so certificate/key is not overwritten by magic Kim Alvefur 2016-02-05
certmanager: Support new certificate configuration for non-XMPP services too (fixes #614) Matthew Wild 2016-02-05
core.certmanager: Look for certificate and key in a few different places Kim Alvefur 2016-02-03
core.certmanager: Remove non-string filenames (allows setting eg capath to false to disable the built in default) Kim Alvefur 2015-10-11
core.*: Remove use of module() function Kim Alvefur 2015-02-21
certmanager: Fix compat for MattJs old LuaSec fork Kim Alvefur 2015-02-05
certmanager: Fix previous commit Kim Alvefur 2015-02-05
certmanager: Limit certificate chain depth to 9 Kim Alvefur 2015-02-05
certmanager: Options that appear to be available since LuaSec 0.2 Kim Alvefur 2015-02-05
certmanager: Improve "detection" of features that depend on LuaSec version Kim Alvefur 2015-02-05
certmanager: Add locals for ssl.context and ssl.x509 Kim Alvefur 2015-02-05
certmanager: Early return from the entire module if LuaSec is unavailable Kim Alvefur 2015-02-05
certmanager: Make global variable access explicit Matthew Wild 2015-01-20
certmanager, mod_tls: Return final ssl config as third return value (fix for c6caaa440e74, portmanager assumes non-falsy second return value is an error) (thanks deoren) Kim Alvefur 2014-11-22
certmanager: Return final ssl config along with ssl context on success Kim Alvefur 2014-11-19
Merge 0.9->0.10 Kim Alvefur 2014-10-26
certmanager, net.http: Disable SSLv3 by default 0.9.6 Matthew Wild 2014-10-14
core.certmanager: Make create_context() support an arbitrary number of option sets, merging all Kim Alvefur 2014-07-03
core.certmanager: Use util.sslconfig Kim Alvefur 2014-07-03
core.certmanager, core.moduleapi, mod_storage_sql, mod_storage_sql2: Import from util.paths Kim Alvefur 2014-05-09
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph) Kim Alvefur 2014-04-21
certmanager: Fix traceback if no global 'ssl' section set (thanks albert) Kim Alvefur 2014-04-20
certmanager: Update ssl_compression when config is reloaded Kim Alvefur 2014-04-14
certmanager: Reformat core ssl defaults Kim Alvefur 2014-04-14
certmanager: Support ssl.protocol syntax like "tlsv1+" that disables older protocols Kim Alvefur 2014-04-14
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost Kim Alvefur 2014-04-14
certmanager: Wrap long line and add comment Kim Alvefur 2014-04-14
certmanager: Concatenate cipher list if given as a table Kim Alvefur 2014-04-14
certmanager: Allow non-server contexts to be without certificate and key Kim Alvefur 2014-04-14
certmanager: Check for non-nil values instead of true-ish values, allows removing defaults Kim Alvefur 2014-04-14
Merge 0.9->0.10 Matthew Wild 2013-11-21
certmanager: Further cipher string tweaking. Re-enable ciphers required for DSA and ECDH certs/keys. Matthew Wild 2013-11-21
Merge 0.9->0.10 Matthew Wild 2013-11-12
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients! Matthew Wild 2013-11-12
Merge 0.9->0.10 Matthew Wild 2013-11-10
certmanager: Update default cipher string to prefer forward-secrecy over cipher strength and to disable triple-DES (weaker and much slower than AES) Matthew Wild 2013-11-10
Merge 0.9->0.10 Matthew Wild 2013-11-09
certmanager: Fix order of options, so that the dynamic option is at the end of the array Matthew Wild 2013-11-09