Badlop
13ebe89fdc
Remove unused format_status/2 callback that is deprecated in OTP 27
2024-04-30 18:00:32 +02:00
Badlop
589521bfd8
Update copyright year to 2024 (#4139)
2024-01-22 17:29:13 +01:00
Badlop
243697e25a
Update copyright year to 2023 (#3967)
2023-01-10 13:52:04 +01:00
Badlop
b3211b1f71
Update copyright year to 2022
2022-02-11 09:39:25 +01:00
Badlop
6e0161470e
Update newest copyright year to 2021 (#3464)
2021-01-27 17:02:06 +01:00
Badlop
d7d8085d3b
Fix most EDoc errors, even if that's not used nowadays apparently
2020-05-11 19:53:13 +02:00
Badlop
2d32c66fd7
Update copyright to 2020 (#3149)
2020-01-28 15:49:23 +01:00
Evgeny Khramtsov
5770946f03
Correctly handle unicode in log messages
2019-09-23 15:17:20 +03:00
Evgeny Khramtsov
b7e296857c
Don't call to xmpp_idna
2019-09-22 13:28:14 +03:00
Evgeny Khramtsov
81ae691738
Use round/0 instead of ceil/0
...
Because ceil/0 was introduced in OTP20.0 only
2019-09-20 15:33:08 +03:00
Evgeny Khramtsov
e227940b85
Improve ACME implementation
...
Fixes #2487, fixes #2590, fixes #2638
2019-09-20 12:36:31 +03:00
Evgeny Khramtsov
a02cff0e78
Use new configuration validator
2019-06-14 12:33:26 +03:00
Badlop
55417dfb37
Update copyright to 2019 (#2756)
2019-01-08 22:53:27 +01:00
Evgeny Khramtsov
984a00195a
Fix bugs introduced by previous commit
2018-09-28 00:28:34 +03:00
Evgeny Khramtsov
39fa1a810d
Move certificates processing code to pkix application
...
==== WARNING: MUST BE ADDED TO RELEASE NOTES =====
The commit introduces the following incompatibility:
- Option 'ca_path' is deprecated and has no effect anymore:
option 'ca_file' should be used instead if needed.
==================================================
2018-09-27 20:37:27 +03:00
Evgeny Khramtsov
03de853e4f
Refactor ejabberd_listener
2018-09-18 12:53:36 +03:00
Evgeny Khramtsov
2d246f61dd
Fix some dialyzer warnings
2018-09-09 09:59:08 +03:00
Evgeniy Khramtsov
0bb14d16c7
Move XMPP stream and SASL processing to xmpp repo
2018-07-06 01:07:36 +03:00
Evgeniy Khramtsov
71ae7e9fd9
Work-around against public_key incompatibility introduced in OTP21
...
The commit that introduced the incompatibility is
304dd8f81e
Thanks to Stu Tomlinson for spotting the issue.
Fixes #2488
2018-06-27 19:40:03 +03:00
Evgeniy Khramtsov
87357c700f
Do not ignore a certificate containing no domain names
...
Log a warning instead and assign it to an "empty" domain
2018-06-27 11:27:39 +03:00
Evgeniy Khramtsov
7881c5670c
Don't replace valid certificates with invalid ones
...
When building the certificates chains, if several certificates
are found matching the same domain their validity is checked:
* the invalid one is ignored and the valid one is picked
* if both are valid or both are invalid, then the one with
sooner expiration is ignored.
Fixes #2454
2018-06-27 10:55:37 +03:00
Evgeniy Khramtsov
d0f36537fb
Clear fast_tls cache on configuration reload
2018-04-13 11:10:20 +03:00
Evgeniy Khramtsov
f39dbe6e49
Get rid of 'fs' package dependency
...
Certificates auto-reloading will be fixed later.
For now to reload certificates call `reload-config` ejabberd command.
2018-03-23 16:40:26 +03:00
Evgeniy Khramtsov
cdc7c1d1ed
Update copyright dates
2018-01-05 23:18:58 +03:00
Evgeniy Khramtsov
240977a0da
Repair hosts check during certfiles validation
2017-12-28 21:36:57 +03:00
Evgeniy Khramtsov
529d6d8a93
Return default certificate on domain mismatch
2017-12-28 17:24:23 +03:00
Evgeniy Khramtsov
1698956f34
Rely on Server Name Indication for incoming Direct-TLS connections
...
This commit also deprecates `certfile` option for ejabberd_http
listener.
2017-12-24 12:27:51 +03:00
Evgeniy Khramtsov
e15a9a2b9e
Log warning on empty wildcard paths
2017-12-08 12:50:10 +03:00
Evgeniy Khramtsov
f1ac793d56
Don't call pkix_is_self_signed/1 too frequently
2017-12-07 17:24:34 +03:00
Evgeniy Khramtsov
97c9058246
Eat less memory during building certificates graph
2017-12-07 16:41:49 +03:00
Evgeniy Khramtsov
a303373b0f
Speedup certificate chains creation and validation
2017-12-07 14:32:12 +03:00
Evgeniy Khramtsov
344a2611f2
Avoid infinite loop between self-signed certs
2017-12-07 00:29:19 +03:00
Evgeniy Khramtsov
783ebd1080
Introduce option 'ca_file'
...
The option is supposed to be used as a fallback for certificates
validation. For instance, the option will be used if 's2s_cafile'
option is not set. The value should be a path to a file containing
CA certificate(s) in PEM format, e.g.:
ca_file: "/etc/ssl/certs/ca-bundle.pem"
2017-11-26 18:10:25 +03:00
Evgeniy Khramtsov
5676adff30
Get rid of unused variable compile warning
2017-11-24 12:11:01 +03:00
Evgeniy Khramtsov
e31f6409a6
Fix function clause on filelib:wildcard/1
2017-11-24 12:10:03 +03:00
Evgeniy Khramtsov
fbd6ea8a48
Move 'certfile' based options in a single place
2017-11-23 11:04:47 +03:00
Evgeniy Khramtsov
e709d6561c
Re-read ACME certificates on config reload
2017-11-19 09:56:05 +03:00
Evgeniy Khramtsov
ce98226603
Make ACME code working with ejabberd_pkix
2017-11-17 11:59:40 +03:00
Evgeniy Khramtsov
b04c6b7d75
Merge branch 'lets_encrypt_acme_support' of git://github.com/angelhof/ejabberd into angelhof-lets_encrypt_acme_support
...
Conflicts:
rebar.config
src/ejabberd_pkix.erl
2017-11-15 10:01:30 +03:00
Evgeniy Khramtsov
fe9b191382
Erase transient certificates on exit
2017-11-07 09:04:20 +03:00
Paweł Chmielowski
354a710e70
Fix pkix:validate() return value
2017-11-02 11:28:23 +01:00
Evgeniy Khramtsov
a22aad0a4b
Remove -include() directive for unused header
2017-11-01 10:59:28 +03:00
Evgeniy Khramtsov
ae07fd7f10
Clarify some error/warning messages
2017-11-01 10:14:34 +03:00
Evgeniy Khramtsov
86809dff06
Avoid using "bag" ETS type for certificate storage
2017-11-01 08:47:07 +03:00
Evgeniy Khramtsov
35dc164233
Start even if there are problems with fs application
2017-11-01 08:34:14 +03:00
Evgeniy Khramtsov
170be1fbd5
Lower log level
2017-11-01 00:55:05 +03:00
Evgeniy Khramtsov
35b7203e01
Introduce 'certfiles' global option
...
The option is supposed to replace existing options 'c2s_certfile',
's2s_certfile' and 'domain_certfile'. The option accepts a list
of file paths (optionally with wildcards "*") containing either
PEM certificates or PEM private keys. At startup, ejabberd sorts
the certificates, finds matching private keys and rebuilds full
certificates chains which can be used by fast_tls. Example:
certfiles:
  - "/etc/letsencrypt/live/example.org/*.pem"
  - "/etc/letsencrypt/live/example.com/*.pem"
2017-11-01 00:20:27 +03:00
Konstantinos Kallas
7cc7b74f1e
Add acme certificates for all configured hosts in ejabberd_pkix
2017-08-19 12:50:40 +03:00
Evgeniy Khramtsov
268065e5c4
Validate all certfiles on startup
2017-05-23 09:27:52 +03:00
Evgeniy Khramtsov
061d5f2380
Shut up dialyzer/xref if public_key:short_name_hash/1 is not available
2017-05-13 13:11:08 +03:00