25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00
Commit Graph

80 Commits

Author SHA1 Message Date
Evgeny Khramtsov
6f5d99275b Process unexpected messages uniformly 2019-07-12 11:55:36 +03:00
Evgeny Khramtsov
b479fe5315 Use correct stacktrace in logging macros
By calling erlang:get_stacktrace() inside a lager function
we obtain actually a stacktrace of the lager function, not
the one we got during exception. This is not a problem for
newest Erlang versions though.
2019-06-26 00:05:41 +03:00
Evgeny Khramtsov
a3e0cbbdd8 Make logging messages more consistent 2019-06-24 20:32:34 +03:00
Evgeny Khramtsov
a02cff0e78 Use new configuration validator 2019-06-14 12:33:26 +03:00
Paweł Chmielowski
c88a2d0569 Add code for handling deprecations of get_stacktrace() 2018-12-13 11:46:53 +01:00
Evgeny Khramtsov
39fa1a810d Move certificates processing code to pkix application
==== WARNING: MUST BE ADDED TO RELEASE NOTES =====
The commit introduces the following incompatibility:
- Option 'ca_path' is deprecated and has no effect anymore:
  option 'ca_file' should be used instead if needed.
==================================================
2018-09-27 20:37:27 +03:00
Evgeny Khramtsov
2d246f61dd Fix some dialyzer warnings 2018-09-09 09:59:08 +03:00
Evgeniy Khramtsov
88d0b71d58 Get stacktrace out of lager context
Calling erlang:get_stacktrace() inside lager functions produces
stacktraces of the logging function itself, not the function which has failed.
2018-09-01 19:37:26 +03:00
Badlop
f3f3b1586e Fix typo in command description 2018-08-13 16:42:16 +02:00
Badlop
5509e648ad Allow acme and oauth commands to be read by gen_markdown_doc_for_commands 2018-08-07 16:58:48 +02:00
Evgeniy Khramtsov
66591b1c0d Improve URLs validation 2018-06-29 11:06:24 +03:00
Evgeniy Khramtsov
fd8e07af47 Get rid of ejabberd.hrl header
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.

TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
2018-06-14 14:00:47 +03:00
Paweł Chmielowski
f6ebbe4c78 Fix compilation ordering in mix by s/-behavior/-behaviour/ 2018-01-31 14:57:43 +01:00
Evgeniy Khramtsov
49c4aa238f Change file mode of ACME certficates 2017-11-19 10:10:21 +03:00
Evgeniy Khramtsov
e709d6561c Re-read ACME certificates on config reload 2017-11-19 09:56:05 +03:00
Evgeniy Khramtsov
f06805534c Fix renew_certificates ejabberdctl command
Thanks to Konstantinos Kallas
2017-11-17 18:37:49 +03:00
Evgeniy Khramtsov
4f12359b9c Don't forget to include intermediate ACME certificate
Thanks to Konstantinos Kallas
2017-11-17 17:17:19 +03:00
Evgeniy Khramtsov
f599c2ef82 Fix ACME options validation 2017-11-17 15:55:33 +03:00
Evgeniy Khramtsov
224a3e13c9 Improve ACME options validation 2017-11-17 13:06:04 +03:00
Evgeniy Khramtsov
4835537776 Move ejabberdctl ACME commands to other location 2017-11-17 12:50:27 +03:00
Evgeniy Khramtsov
ce98226603 Make ACME code working with ejabberd_pkix 2017-11-17 11:59:40 +03:00
Evgeniy Khramtsov
b04c6b7d75 Merge branch 'lets_encrypt_acme_support' of git://github.com/angelhof/ejabberd into angelhof-lets_encrypt_acme_support
Conflicts:
	rebar.config
	src/ejabberd_pkix.erl
2017-11-15 10:01:30 +03:00
Konstantinos Kallas
ce99db0595 Explain what is needed for the acme configuration and other small changes
1. Add a request handler in ejabberd_http and explain how to configure the http listener so that the challenges can be solved.
2. Make acme configuration optional by providing defaults in ejabberd_acme.
3. Save the CA that the account has been created in so that it creates a new account when connecting to a new CA.
4. Small spec change in acme configuration.
2017-11-14 14:12:33 +02:00
Konstantinos Kallas
f55a8d045d Solve Travis build xref problem
Travis build failed on xref because some functions that I used did not exist in OTP versions 17.5, 18.3
Those functions are: ets:take/2, lists:join/2, erlang:timestamp/0.
2017-09-06 18:10:38 +03:00
Konstantinos Kallas
80b44d8c15 Remove some unused variable warnings, replace lists:join with string join 2017-08-25 12:08:16 +03:00
Konstantinos Kallas
62903155fd Show SANs in list_Certificates 2017-08-22 14:44:19 +03:00
Konstantinos Kallas
25ca6e5582 Acquire certificates for all subdomains of a host and include them in SAN 2017-08-22 13:36:34 +03:00
Konstantinos Kallas
10f7b5a548 Remove partial RSA key support 2017-08-22 10:25:37 +03:00
Konstantinos Kallas
f2876bdad7 Add certfile when acquired 2017-08-22 10:12:42 +03:00
Konstantinos Kallas
9b3e160e18 Remove some debugging INFO_MSGs 2017-08-19 17:47:05 +03:00
Konstantinos Kallas
15dd88385f Delete a development acme module 2017-08-19 16:58:06 +03:00
Konstantinos Kallas
dd42d52ff9 Merge remove_account_option branch 2017-08-19 13:36:42 +03:00
Konstantinos Kallas
e45f7ddfec Cleanup some comments: 2017-08-19 13:32:13 +03:00
Konstantinos Kallas
7cc7b74f1e Add acme certificates for all configured hosts in ejabberd_pkix 2017-08-19 12:50:40 +03:00
Konstantinos Kallas
ddfe8742c7 Add behaviour ejabberd_config in ejabberd_acme in order to validate the config 2017-08-19 11:35:15 +03:00
Konstantinos Kallas
051e2c639c Change some specs 2017-08-12 18:00:46 +03:00
Konstantinos Kallas
a72a7f830a Add support to revoke a certificate by providing the pem
This is important so that a user can revoke a certificate that is not acquired or logged from our acme client
2017-08-12 17:14:23 +03:00
Konstantinos Kallas
73f0b6707a Move the ca_url to the config file 2017-08-12 15:59:54 +03:00
Konstantinos Kallas
1aadb797b3 Remove the new account option from get certificate. There is no reason for having this 2017-08-11 14:10:55 +03:00
Konstantinos Kallas
7140c8d844 Format expired certificates differently in list_certificates 2017-08-11 13:28:17 +03:00
Konstantinos Kallas
2b1fea01cd Renew certificate now renews all saved certificates that are close to expire
Before this commit renew_certificate only checked the hosts in the config file and renewd the certificates for those. However the user can request certificates apart from the hosts in the config file so he should be able to also renew them.
2017-08-10 18:54:26 +03:00
Konstantinos Kallas
c20bfb3422 Revoke Certificate: Jose Private Key
Instead of signing the jose object with the account private key, it now signs the object using the certificate private key. This is useful in case the user wants to revoke a old certificate whose account key doesn't exist anymore.
2017-08-10 17:23:13 +03:00
Konstantinos Kallas
011b7ac3f2 Support getting certificates for domains not specified in the configuration file 2017-08-10 15:26:35 +03:00
Konstantinos Kallas
97a4d57f2e Remove some debugging functions 2017-08-08 18:00:37 +03:00
Konstantinos Kallas
9756b452d6 Implement renew_certificate command
This command renews the certificates for all domains that already have a certificate that has expired or is close to expiring. It is meant to be run automatically more often than the renewal process because if the certificates are valid nothing happens
2017-08-08 16:38:19 +03:00
Konstantinos Kallas
7fa9a387ae Try catch when formatting certificates 2017-08-08 12:45:57 +03:00
Konstantinos Kallas
48254a1e10 Change certificate notAfter to 90 days
As stated in Let's Encrypt FAQ: https://letsencrypt.org/docs/faq/
2017-08-08 12:23:13 +03:00
Konstantinos Kallas
e6e8e64f84 Improve return format of get_certificates command 2017-08-02 21:10:49 +03:00
Konstantinos Kallas
ac7105d39e Implement verbose list_certificates option 2017-08-02 19:36:11 +03:00
Konstantinos Kallas
3abe3aeeec Finish revoke_certificate and add specs
1. Add a try catch in the final revoke_certificate function
2. Also delete the certificate from persistent memory when it is done revoked
2017-07-29 19:10:06 +03:00