Holger Weiss
375a1dd759
Convert README to Markdown
...
Use Markdown syntax for the README file and add a README.md symlink, so
that a certain popular Git hosting site renders it nicely.
2014-04-29 23:54:14 +02:00
Evgeny Khramtsov
9563b0228f
Merge pull request #177 from weiss/log-tls-sasl-external
...
Log TLS status for outgoing s2s with SASL EXTERNAL
2014-04-30 00:38:18 +04:00
Evgeny Khramtsov
8419322884
Merge pull request #181 from weiss/check-tls-before-auth
...
Check TLS state before requesting SASL EXTERNAL for outgoing s2s connections
2014-04-30 00:36:08 +04:00
Evgeny Khramtsov
c37aa1b46d
Merge pull request #185 from weiss/verify-cert-for-s2s-out
...
Support certificate verification for outgoing s2s connections
2014-04-30 00:08:24 +04:00
Evgeny Khramtsov
599fdb9ac2
Merge pull request #186 from weiss/add-disconnect-command
...
New ejabberd command: disconnect_user/2
2014-04-29 15:41:41 +04:00
Holger Weiss
ebbceab93f
Translate disconnect_user/2 string sent to client
2014-04-29 11:56:28 +02:00
Holger Weiss
bb2c8b59f8
Avoid #state.lang type errors in corner cases
...
If #state.lang is used before being initialized to some binary string,
the translation code would crash.
2014-04-29 11:41:24 +02:00
Evgeny Khramtsov
0af3f9388f
Merge pull request #188 from weiss/update-readme
...
Update README: XEP-0227 code no longer uses exmpp
2014-04-29 13:12:08 +04:00
Evgeny Khramtsov
4073394e7a
Merge pull request #182 from hamano/register_account_acl
...
fix checking acl in mod_register_web
2014-04-29 13:06:53 +04:00
Evgeny Khramtsov
29aead19d9
Merge pull request #179 from hamano/added_get_random_pid_error_handling
...
added get_random_pid/1 error handling
2014-04-29 13:05:58 +04:00
Holger Weiss
16dd6b03c6
Update README: XEP-0227 code no longer uses exmpp
2014-04-29 10:17:00 +02:00
Holger Weiss
d09c268b20
Let ejabberdctl accept binary string arguments
...
Don't print the following message if an ejabberd command expects binary
string arguments: "This command cannot be executed using ejabberdctl.
Try ejabberd_xmlrpc."
2014-04-29 01:11:08 +02:00
Holger Weiss
6d1055abec
New ejabberd command: disconnect_user/2
2014-04-29 00:50:43 +02:00
Evgeny Khramtsov
68e62d7442
Merge pull request #184 from weiss/properly-abort-s2s-in
...
Fix handling of certificate verification errors for incoming s2s connections
2014-04-28 09:58:44 +04:00
Holger Weiss
49bdbf2895
Support certificate verification for outgoing s2s
...
Handle "s2s_use_starttls: required_trusted" the same way for outgoing
s2s connections as for incoming connections. That is, check the remote
server's certificate (including the host name) and abort the connection
if verification fails.
2014-04-28 01:42:02 +02:00
Holger Weiss
a21d2298af
XEP-0198: Turn some warnings into info messages
...
Don't log warnings on events that will happen during normal operation.
2014-04-28 01:01:30 +02:00
Holger Weiss
1aa4ed3f35
Don't mess with s2s out when aborting s2s in
...
Don't try to look up and close outgoing connections to a given server
when aborting incoming connections from that server due to certificate
verification errors. The ejabberd_s2s:find_connection/2 call actually
created one or more *new* connections if less than 'max_s2s_connections'
connections were found. Then, no more than one of those possibly new
connections were stopped by the ejabberd_s2s_out:stop_connection/1 call.
It's not really necessary to bother with outgoing connections at all,
here.
2014-04-28 00:17:05 +02:00
Holger Weiss
eabca82765
Send stream trailer before closing s2s connection
...
When aborting an incoming s2s connection due to certificate verification
errors, send a stream trailer before closing the socket.
2014-04-27 00:28:42 +02:00
HAMANO Tsukasa
71dba66330
fix checking acl in mod_register_web
2014-04-24 18:15:39 +09:00
Holger Weiss
d805d198ac
Check TLS state before requesting SASL EXTERNAL
...
Make sure a remote server can't circumvent "s2s_use_starttls: required"
by offering SASL EXTERNAL authentication over a non-TLS connection.
2014-04-24 11:04:10 +02:00
HAMANO Tsukasa
0734562ded
added privacy_list_data index for mysql database.
2014-04-24 16:04:40 +09:00
HAMANO Tsukasa
ffe9f3c192
added get_random_pid/1 error handling
2014-04-24 15:34:41 +09:00
HAMANO Tsukasa
219f9276d1
undefined ejabberd_socket:get_conn_type/1
2014-04-24 12:42:22 +09:00
Holger Weiss
f988aad940
Log TLS status for outgoing s2s with SASL EXTERNAL
2014-04-23 23:28:13 +02:00
badlop
3a3f8240c1
Merge pull request #176 from hamano/devel
...
added error handling in mod_pubsub_odbc.
2014-04-23 17:06:46 +02:00
HAMANO Tsukasa
9ec014c184
added error handling in mod_pubsub_odbc.
2014-04-23 23:35:34 +09:00
badlop
e9d104ec47
Merge pull request #174 from weiss/fix-s2s-in-auth
...
Fix certificate authentication for incoming s2s connections
2014-04-23 15:10:20 +02:00
Holger Weiss
86e17c379c
Verify host name before offering SASL EXTERNAL
...
Prior to this commit, ejabberd handled certificate authentication for
incoming s2s connections like this:
1. Verify the certificate without checking the host name. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, compare the authorization
identity against the certificate host name(s). On failure, abort the
connection unconditionally.
ejabberd now does this instead:
1. Verify the certificate and compare the certificate host name(s)
against the 'from' attribute of the stream header. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, ignore the authorization
identity (if any) and consider the peer authenticated.
The old behavior was suggested by previous versions of XEP-0178, the new
behavior is suggested by the current version 1.1.
2014-04-23 11:45:17 +02:00
Holger Weiss
4bc8b6bc9f
Fix extraction of host names from certificates
2014-04-22 22:12:04 +02:00
badlop
9497dbff17
Merge pull request #162 from weiss/enable-carbons
...
Enable mod_carboncopy in example configuration
2014-04-22 13:53:23 +02:00
badlop
37d4109e8a
Merge pull request #161 from weiss/fix-carbons
...
Let mod_carboncopy take care of messages sent to bare/unavailable JIDs
2014-04-22 13:52:11 +02:00
badlop
b73f28c93e
Merge pull request #173 from weiss/force-configure-regeneration
...
Always regenerate the configure script when running ./autogen.sh
2014-04-22 12:52:22 +02:00
Holger Weiss
c98d539bb3
Force regeneration of configure script
...
As the version string is auto-generated from the git-describe(1) output,
the configure script may need to be regenerated even if configure.ac
wasn't modified.
2014-04-18 12:13:17 +02:00
badlop
4b52a8e4e3
Merge pull request #172 from weiss/accept-extauth-cache-false
...
Don't log an error when "extauth_cache: false" is specified
2014-04-17 19:55:51 +02:00
Holger Weiss
d350cc6361
Accept "extauth_cache: false"
...
Don't log a "configuration problem" message if "extauth_cache: false" is
explicitly specified, as that's a valid configuration setting as per the
documentation.
2014-04-16 14:15:14 +02:00
badlop
727197613a
Merge pull request #171 from weiss/update-doc-url
...
Update a URL in the guide
2014-04-16 10:03:07 +02:00
badlop
cc6a4787af
Merge pull request #170 from weiss/fix-doc-typos
...
Fix two small typos in the guide
2014-04-16 10:02:12 +02:00
Holger Weiss
27a7b38dee
Update a URL in the guide
2014-04-16 00:31:15 +02:00
Holger Weiss
45687c52dc
Fix two small typos in the guide
2014-04-16 00:25:11 +02:00
Paweł Chmielowski
7af7b7d3f0
Fix compilation on pre-R17
2014-04-15 17:05:25 +02:00
Paweł Chmielowski
d97b4fd9ca
Fix loading translation files on R17
2014-04-15 17:05:22 +02:00
Alexey Shchepin
f93758a3cd
Merge pull request #160 from runcom/protocol_options
...
Add option to specify openssl options
2014-04-15 19:01:21 +04:00
badlop
77d6d36a9d
Merge pull request #167 from weiss/fix-modules-doc
...
Remove outdated comment from guide
2014-04-15 16:41:48 +02:00
badlop
57ba57b908
Merge pull request #168 from weiss/carbons-doc
...
Mention mod_carboncopy in documentation
2014-04-15 16:40:48 +02:00
Holger Weiss
c9d4f2146c
Mention mod_carboncopy in documentation
2014-04-15 01:29:00 +02:00
Holger Weiss
46001aafaa
Remove outdated comment from guide
2014-04-15 01:21:41 +02:00
badlop
ad680c508e
Merge pull request #165 from weiss/fix-access-doc
...
Fix the description of the access rules syntax in the Guide
2014-04-12 16:42:05 +02:00
Holger Weiss
be43aa85f4
Fix description of access rules syntax
2014-04-11 14:00:10 +02:00
badlop
285c4c17cf
Merge pull request #146 from jamielinux/master
...
Update FSF address
2014-04-11 13:35:46 +02:00
Evgeniy Khramtsov
a21edc2f3a
Pretty print accepted transport address
2014-04-11 12:30:58 +02:00