Holger Weiss
49bdbf2895
Support certificate verification for outgoing s2s
...
Handle "s2s_use_starttls: required_trusted" the same way for outgoing
s2s connections as for incoming connections. That is, check the remote
server's certificate (including the host name) and abort the connection
if verification fails.
2014-04-28 01:42:02 +02:00
badlop
3a3f8240c1
Merge pull request #176 from hamano/devel
...
added error handling in mod_pubsub_odbc.
2014-04-23 17:06:46 +02:00
HAMANO Tsukasa
9ec014c184
added error handling in mod_pubsub_odbc.
2014-04-23 23:35:34 +09:00
badlop
e9d104ec47
Merge pull request #174 from weiss/fix-s2s-in-auth
...
Fix certificate authentication for incoming s2s connections
2014-04-23 15:10:20 +02:00
Holger Weiss
86e17c379c
Verify host name before offering SASL EXTERNAL
...
Prior to this commit, ejabberd handled certificate authentication for
incoming s2s connections like this:
1. Verify the certificate without checking the host name. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, compare the authorization
identity against the certificate host name(s). On failure, abort the
connection unconditionally.
ejabberd now does this instead:
1. Verify the certificate and compare the certificate host name(s)
against the 'from' attribute of the stream header. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, ignore the authorization
identity (if any) and consider the peer authenticated.
The old behavior was suggested by previous versions of XEP-0178, the new
behavior is suggested by the current version 1.1.
2014-04-23 11:45:17 +02:00
Holger Weiss
4bc8b6bc9f
Fix extraction of host names from certificates
2014-04-22 22:12:04 +02:00
badlop
9497dbff17
Merge pull request #162 from weiss/enable-carbons
...
Enable mod_carboncopy in example configuration
2014-04-22 13:53:23 +02:00
badlop
37d4109e8a
Merge pull request #161 from weiss/fix-carbons
...
Let mod_carboncopy take care of messages sent to bare/unavailable JIDs
2014-04-22 13:52:11 +02:00
badlop
b73f28c93e
Merge pull request #173 from weiss/force-configure-regeneration
...
Always regenerate the configure script when running ./autogen.sh
2014-04-22 12:52:22 +02:00
Holger Weiss
c98d539bb3
Force regeneration of configure script
...
As the version string is auto-generated from the git-describe(1) output,
the configure script may need to be regenerated even if configure.ac
wasn't modified.
2014-04-18 12:13:17 +02:00
badlop
4b52a8e4e3
Merge pull request #172 from weiss/accept-extauth-cache-false
...
Don't log an error when "extauth_cache: false" is specified
2014-04-17 19:55:51 +02:00
Holger Weiss
d350cc6361
Accept "extauth_cache: false"
...
Don't log a "configuration problem" message if "extauth_cache: false" is
explicitly specified, as that's a valid configuration setting as per the
documentation.
2014-04-16 14:15:14 +02:00
badlop
727197613a
Merge pull request #171 from weiss/update-doc-url
...
Update a URL in the guide
2014-04-16 10:03:07 +02:00
badlop
cc6a4787af
Merge pull request #170 from weiss/fix-doc-typos
...
Fix two small typos in the guide
2014-04-16 10:02:12 +02:00
Holger Weiss
27a7b38dee
Update a URL in the guide
2014-04-16 00:31:15 +02:00
Holger Weiss
45687c52dc
Fix two small typos in the guide
2014-04-16 00:25:11 +02:00
Paweł Chmielowski
7af7b7d3f0
Fix compilation on pre-R17
2014-04-15 17:05:25 +02:00
Paweł Chmielowski
d97b4fd9ca
Fix loading translation files on R17
2014-04-15 17:05:22 +02:00
Alexey Shchepin
f93758a3cd
Merge pull request #160 from runcom/protocol_options
...
Add option to specify openssl options
2014-04-15 19:01:21 +04:00
badlop
77d6d36a9d
Merge pull request #167 from weiss/fix-modules-doc
...
Remove outdated comment from guide
2014-04-15 16:41:48 +02:00
badlop
57ba57b908
Merge pull request #168 from weiss/carbons-doc
...
Mention mod_carboncopy in documentation
2014-04-15 16:40:48 +02:00
Holger Weiss
c9d4f2146c
Mention mod_carboncopy in documentation
2014-04-15 01:29:00 +02:00
Holger Weiss
46001aafaa
Remove outdated comment from guide
2014-04-15 01:21:41 +02:00
badlop
ad680c508e
Merge pull request #165 from weiss/fix-access-doc
...
Fix the description of the access rules syntax in the Guide
2014-04-12 16:42:05 +02:00
Holger Weiss
be43aa85f4
Fix description of access rules syntax
2014-04-11 14:00:10 +02:00
badlop
285c4c17cf
Merge pull request #146 from jamielinux/master
...
Update FSF address
2014-04-11 13:35:46 +02:00
Evgeniy Khramtsov
a21edc2f3a
Pretty print accepted transport address
2014-04-11 12:30:58 +02:00
Holger Weiss
515331baad
Enable mod_carboncopy in example configuration
...
XEP-0280 seems to be quite popular these days.
2014-04-08 23:38:04 +02:00
Holger Weiss
b3b12effbc
Carbons: Handle unavailable resource like bare JID
...
As the session manager handles messages sent to unavailable resources
just like messages sent to bare JIDs, mod_carboncopy must do that, too.
That is, forward them only to those carbon-copy-enabled resources that
don't have a top priority, in order to avoid duplicates.
2014-04-08 23:32:30 +02:00
Antonio Murdaca
fbf71f86f3
Add option to specify openssl options
2014-04-08 18:46:52 +02:00
Holger Weiss
9d5426315f
Carbons: Also forward messages sent to bare JIDs
...
Don't ignore messages sent to bare JIDs, but forward them to all
carbon-copy-enabled resources that don't have the highest priority.
2014-04-07 22:10:08 +02:00
Badlop
66006ba017
Update Hebrew translation (thanks to Isratine Citizen)
2014-04-07 16:26:50 +02:00
badlop
f3bbfb1c66
Merge pull request #159 from weiss/update-gitignore
...
Update the gitignore(5) file
2014-04-07 13:29:37 +02:00
badlop
766ab1eb46
Merge pull request #158 from weiss/fix-lang-type
...
Fix a type error
2014-04-07 13:28:41 +02:00
badlop
76fb7d284a
Merge pull request #157 from weiss/fix-mod-update
...
Fix badarg issue on module update web site
2014-04-07 13:27:31 +02:00
badlop
2d441b3305
Merge pull request #156 from hamano/devel
...
mod_register_web: check same acl as mod_register.
2014-04-07 12:39:22 +02:00
Holger Weiss
0befeb7d93
Let Git ignore the "ebin" directory
2014-04-06 00:56:36 +02:00
Holger Weiss
a2679e9d51
Let Git ignore files generated by "make install"
2014-04-06 00:56:09 +02:00
Holger Weiss
37f409d254
Fix a type error
2014-04-06 00:39:51 +02:00
Holger Weiss
e02a4913d2
Fix badarg issue on module update web site
2014-04-05 23:23:44 +02:00
HAMANO Tsukasa
1250ee5d77
mod_register_web: check same acl as mod_register.
2014-04-04 04:07:29 +09:00
Badlop
8b9c49440a
Fix user_resources command, and ejabberd_xmlrpc parsing auth details in call
2014-03-31 16:51:47 +02:00
Badlop
5bf3c784da
New Bash completion script for ejabberdctl, experimental (EJAB-1042)
2014-03-26 16:43:56 +01:00
Badlop
a5a065290b
Small change in ejabberd_ctl output format to support bash completion
2014-03-26 16:43:53 +01:00
Badlop
ac0e199d36
Provide meaningful text to user when admin kicks session (EJAB-1455)
2014-03-26 16:01:37 +01:00
Evgeniy Khramtsov
2150b10901
Fix service_info options processing
2014-03-25 09:52:57 +04:00
Evgeniy Khramtsov
5c36c44689
Remove annyoing warnings
2014-03-25 09:42:12 +04:00
Badlop
d5f90965d7
Fix ACLs syntax change (thanks to jokker23)(issue #140 )
2014-03-24 19:40:55 +01:00
badlop
2b527f5e9a
Merge pull request #149 from iulianlaz/carboncopy-fix-msg-back-to-original-sender
...
#148 Carbon copy sends message back to original sender solved
2014-03-16 20:59:49 +01:00
Badlop
633d47f784
Update copyright dates to 2014 (EJAB-1679)
2014-03-13 12:30:57 +01:00