a1337cb73f
Do not proxy stray responses statelessly (as per RFC 6026)
2014-05-02 17:42:45 +04:00
e7e4055cbb
Don't use erlang:integer_to_binary/1
2014-05-02 17:42:37 +04:00
1d771fe646
Rewrite 'Contact' headers in REGISTER requests
2014-05-02 17:42:31 +04:00
8e2bc8d19e
Check for 'max_user_sessions' option
2014-05-02 17:42:13 +04:00
0117787317
Process gen_server timeouts correctly
2014-05-02 17:40:25 +04:00
16e5d66572
Move some code in a separate function
2014-05-02 17:38:47 +04:00
6a95422af8
Multiple REGISTER bindings support
2014-05-02 17:38:28 +04:00
35faffe7da
Locate sessions by proxy processes directly
2014-05-02 17:31:17 +04:00
a6fe7425dd
Merge pull request #192 from hamano/fix_ejabberd_system_monitor_error
...
fix ejabberd_system_monitor:s2s_out_info/1 error
2014-05-01 10:44:49 +04:00
d83368d73d
fix ejabberd_system_monitor:s2s_out_info/1 error
2014-05-01 15:12:04 +09:00
c545b3de6d
Merge pull request #178 from hamano/devel
...
undefined ejabberd_socket:get_conn_type/1
2014-04-30 21:49:54 +04:00
02e0649d18
SIP support
...
Conflicts:
configure
configure.ac
doc/guide.tex
2014-04-30 19:38:15 +04:00
0904b8b8ff
improve error handling when sql calling with (empty|unknown) host.
...
see #191
2014-05-01 00:20:58 +09:00
ec6c58a21c
Fix error reporting in previous commit
2014-04-30 16:02:20 +02:00
b3714a1b2e
Fix formatting string argument (thanks to Locojay)(github #129 )
2014-04-30 15:59:44 +02:00
81a906af01
Merge pull request #191 from hamano/added_get_random_pid_error_handling
...
fix error handling when sql calling with unknown host.
2014-04-30 17:02:39 +04:00
65519cf262
Merge pull request #190 from hamano/mod_register_web_response_404
...
mod_register_web should response 404 instead of process crash.
2014-04-30 12:42:43 +02:00
a1b8c54c16
Merge pull request #187 from weiss/fix-ejabberdctl-output
...
Let ejabberdctl accept binary string arguments
2014-04-30 12:41:12 +02:00
a6408e9281
fix error handling when sql calling with unknown host.
2014-04-30 15:32:07 +09:00
0e0bd3329d
mod_register_web should response 404 instead of process crash.
2014-04-30 13:39:17 +09:00
ce22239d85
Merge pull request #189 from weiss/markdown-readme
...
Convert README to Markdown
2014-04-30 07:55:27 +04:00
375a1dd759
Convert README to Markdown
...
Use Markdown syntax for the README file and add a README.md symlink, so
that a certain popular Git hosting site renders it nicely.
2014-04-29 23:54:14 +02:00
9563b0228f
Merge pull request #177 from weiss/log-tls-sasl-external
...
Log TLS status for outgoing s2s with SASL EXTERNAL
2014-04-30 00:38:18 +04:00
8419322884
Merge pull request #181 from weiss/check-tls-before-auth
...
Check TLS state before requesting SASL EXTERNAL for outgoing s2s connections
2014-04-30 00:36:08 +04:00
c37aa1b46d
Merge pull request #185 from weiss/verify-cert-for-s2s-out
...
Support certificate verification for outgoing s2s connections
2014-04-30 00:08:24 +04:00
599fdb9ac2
Merge pull request #186 from weiss/add-disconnect-command
...
New ejabberd command: disconnect_user/2
2014-04-29 15:41:41 +04:00
ebbceab93f
Translate disconnect_user/2 string sent to client
2014-04-29 11:56:28 +02:00
bb2c8b59f8
Avoid #state.lang type errors in corner cases
...
If #state.lang is used before being initialized to some binary string,
the translation code would crash.
2014-04-29 11:41:24 +02:00
0af3f9388f
Merge pull request #188 from weiss/update-readme
...
Update README: XEP-0227 code no longer uses exmpp
2014-04-29 13:12:08 +04:00
4073394e7a
Merge pull request #182 from hamano/register_account_acl
...
fix checking acl in mod_register_web
2014-04-29 13:06:53 +04:00
29aead19d9
Merge pull request #179 from hamano/added_get_random_pid_error_handling
...
added get_random_pid/1 error handling
2014-04-29 13:05:58 +04:00
16dd6b03c6
Update README: XEP-0227 code no longer uses exmpp
2014-04-29 10:17:00 +02:00
d09c268b20
Let ejabberdctl accept binary string arguments
...
Don't print the following message if an ejabberd command expects binary
string arguments: "This command cannot be executed using ejabberdctl.
Try ejabberd_xmlrpc."
2014-04-29 01:11:08 +02:00
6d1055abec
New ejabberd command: disconnect_user/2
2014-04-29 00:50:43 +02:00
68e62d7442
Merge pull request #184 from weiss/properly-abort-s2s-in
...
Fix handling of certificate verification errors for incoming s2s connections
2014-04-28 09:58:44 +04:00
49bdbf2895
Support certificate verification for outgoing s2s
...
Handle "s2s_use_starttls: required_trusted" the same way for outgoing
s2s connections as for incoming connections. That is, check the remote
server's certificate (including the host name) and abort the connection
if verification fails.
2014-04-28 01:42:02 +02:00
a21d2298af
XEP-0198: Turn some warnings into info messages
...
Don't log warnings on events that will happen during normal operation.
2014-04-28 01:01:30 +02:00
1aa4ed3f35
Don't mess with s2s out when aborting s2s in
...
Don't try to look up and close outgoing connections to a given server
when aborting incoming connections from that server due to certificate
verification errors. The ejabberd_s2s:find_connection/2 call actually
created one or more *new* connections if less than 'max_s2s_connections'
connections were found. Then, no more than one of those possibly new
connections were stopped by the ejabberd_s2s_out:stop_connection/1 call.
It's not really necessary to bother with outgoing connections at all,
here.
2014-04-28 00:17:05 +02:00
eabca82765
Send stream trailer before closing s2s connection
...
When aborting an incoming s2s connection due to certificate verification
errors, send a stream trailer before closing the socket.
2014-04-27 00:28:42 +02:00
71dba66330
fix checking acl in mod_register_web
2014-04-24 18:15:39 +09:00
d805d198ac
Check TLS state before requesting SASL EXTERNAL
...
Make sure a remote server can't circumvent "s2s_use_starttls: required"
by offering SASL EXTERNAL authentication over a non-TLS connection.
2014-04-24 11:04:10 +02:00
0734562ded
added privacy_list_data index for mysql database.
2014-04-24 16:04:40 +09:00
ffe9f3c192
added get_random_pid/1 error handling
2014-04-24 15:34:41 +09:00
219f9276d1
undefined ejabberd_socket:get_conn_type/1
2014-04-24 12:42:22 +09:00
f988aad940
Log TLS status for outgoing s2s with SASL EXTERNAL
2014-04-23 23:28:13 +02:00
3a3f8240c1
Merge pull request #176 from hamano/devel
...
added error handling in mod_pubsub_odbc.
2014-04-23 17:06:46 +02:00
9ec014c184
added error handling in mod_pubsub_odbc.
2014-04-23 23:35:34 +09:00
e9d104ec47
Merge pull request #174 from weiss/fix-s2s-in-auth
...
Fix certificate authentication for incoming s2s connections
2014-04-23 15:10:20 +02:00
86e17c379c
Verify host name before offering SASL EXTERNAL
...
Prior to this commit, ejabberd handled certificate authentication for
incoming s2s connections like this:
1. Verify the certificate without checking the host name. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, compare the authorization
identity against the certificate host name(s). On failure, abort the
connection unconditionally.
ejabberd now does this instead:
1. Verify the certificate and compare the certificate host name(s)
against the 'from' attribute of the stream header. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, ignore the authorization
identity (if any) and consider the peer authenticated.
The old behavior was suggested by previous versions of XEP-0178, the new
behavior is suggested by the current version 1.1.
2014-04-23 11:45:17 +02:00
4bc8b6bc9f
Fix extraction of host names from certificates
2014-04-22 22:12:04 +02:00
Evgeniy Khramtsov