Chapril
/
xmpp.chapril.org-ejabberd
mirror of https://github.com/processone/ejabberd.git
24
1
Fork 0
Code Releases Activity
4,593 Commits 7 Branches 106 Tags 79 MiB
Commit Graph

130 Commits

Author SHA1 Message Date
Holger Weiss 15d184a909 Disable TLS compression for s2s by default 
TLS compression is not recommended, and it's already disabled by default
for c2s connections and for ejabberd_http.
 2016-04-11 22:50:11 +02:00
Mickael Remond dfc29ea03c Switch to Fast XML module 2016-02-03 19:03:17 +01:00
Badlop f448ff608a Update copyright to 2016 (#901) 2016-01-13 12:29:14 +01:00
Evgeniy Khramtsov c7931b4a4f CVE-2016-1232: Add Dialback Key Generation and Validation support (XEP-0185) 2016-01-11 14:22:17 +03:00
Paweł Chmielowski 95a9100623 Fix more places where random:seed is used 2015-12-07 16:48:29 +01:00
Paweł Chmielowski 29db302808 More now() replacements 2015-12-07 16:09:48 +01:00
Evgeniy Khramtsov 95265dd3ad Move JID related functions to jid.erl (#847) 2015-11-24 18:44:13 +03:00
Christophe Romain 341be9b682 Remove supervisor option, disable it for c2s and muc 2015-11-04 16:24:35 +01:00
Christophe Romain 6aeb9dcb38 cosmetic cleanup 2015-10-07 14:18:38 +02:00
Evgeniy Khramtsov 6740b1f0e1 Rename idna.erl to ejabberd_idna.erl (#702) 2015-09-02 16:02:46 +03:00
Holger Weiss fc0754c609 Add s2s_dhfile to list of known options 2015-06-20 00:14:54 +02:00
Holger Weiss e608274243 Add s2s_dhfile option to configuration validator 2015-06-16 15:18:34 +02:00
Alexey Shchepin 2110b929bc Merge pull request #581 from weiss/dh-param-file 
New options: dhfile and s2s_dhfile
 2015-06-16 11:59:06 +03:00
Evgeniy Khramtsov fb6267f38e Add config validation at startup 2015-06-01 15:38:27 +03:00
Holger Weiss 5585fb1ecf New options: dhfile and s2s_dhfile 
Let admins specify a file that contains custom parameters for
Diffie-Hellman key exchange.
 2015-05-26 21:06:04 +02:00
Holger Weiss afdc269825 ejabberd_s2s_out: Remove Erlang/OTP version check 
The version check won't work for Erlang/OTP >= 17; and it's no longer
needed, as we don't support versions older than R16 anyway.
 2015-04-16 23:51:16 +02:00
Christophe Romain 0c0947a241 Add compatibility macros for deprecated types (thanks to Alexey) 2015-02-23 09:58:00 +01:00
Badlop 5a35405cd5 Update copyright dates to 2015 (EJAB-1733) 2015-01-08 17:34:43 +01:00
Evgeny Khramtsov 9563b0228f Merge pull request #177 from weiss/log-tls-sasl-external 
Log TLS status for outgoing s2s with SASL EXTERNAL
 2014-04-30 00:38:18 +04:00
Evgeny Khramtsov 8419322884 Merge pull request #181 from weiss/check-tls-before-auth 
Check TLS state before requesting SASL EXTERNAL for outgoing s2s connections
 2014-04-30 00:36:08 +04:00
Holger Weiss 49bdbf2895 Support certificate verification for outgoing s2s 
Handle "s2s_use_starttls: required_trusted" the same way for outgoing
s2s connections as for incoming connections.  That is, check the remote
server's certificate (including the host name) and abort the connection
if verification fails.
 2014-04-28 01:42:02 +02:00
Holger Weiss d805d198ac Check TLS state before requesting SASL EXTERNAL 
Make sure a remote server can't circumvent "s2s_use_starttls: required"
by offering SASL EXTERNAL authentication over a non-TLS connection.
 2014-04-24 11:04:10 +02:00
Holger Weiss f988aad940 Log TLS status for outgoing s2s with SASL EXTERNAL 2014-04-23 23:28:13 +02:00
Alexey Shchepin f93758a3cd Merge pull request #160 from runcom/protocol_options 
Add option to specify openssl options
 2014-04-15 19:01:21 +04:00
badlop 285c4c17cf Merge pull request #146 from jamielinux/master 
Update FSF address
 2014-04-11 13:35:46 +02:00
Antonio Murdaca fbf71f86f3 Add option to specify openssl options 2014-04-08 18:46:52 +02:00
Badlop 633d47f784 Update copyright dates to 2014 (EJAB-1679) 2014-03-13 12:30:57 +01:00
Jamie Nguyen 8538997d61 Update FSF address 2014-02-22 10:27:40 +00:00
Alexey Shchepin 1dd94ac0d0 Support for OpenSSL ciphers list in ejabberd_c2s, ejabberd_s2s_in and ejabberd_s2s_out 2013-11-28 19:39:11 +02:00
Evgeniy Khramtsov 91a74e3e27 Change configuration file format to YAML 2013-08-21 22:17:59 +10:00
Evgeniy Khramtsov a2ead99c83 Make it possible to enable/disable TLS compression 2013-07-17 22:46:18 +10:00
Evgeniy Khramtsov 4d8f770624 Switch to rebar build tool 
Use dynamic Rebar configuration
Make iconv dependency optional
Disable transient_supervisors compile option
Add hipe compilation support
Only compile ibrowse and lhttpc when needed
Make it possible to generate an OTP application release
Add --enable-debug compile option
Add --enable-all compiler option
Add --enable-tools configure option
Add --with-erlang configure option.
Add --enable-erlang-version-check configure option.
Add lager support
Improve the test suite
 2013-06-13 11:11:02 +02:00
Badlop 9deb294328 Accumulated patch to binarize and indent code 2013-03-14 10:33:02 +01:00
Alexey Shchepin 0ae400533c Update copyright dates 2013-01-24 16:25:13 +02:00
Alexey Shchepin b1e2538488 Update copyright dates 2012-02-23 17:52:34 +02:00
Evgeniy Khramtsov 6b0eb1f09d Reorganize the code to shut up the dialyzer 2011-09-05 21:27:31 +10:00
Christophe Romain fd52f2cb7d update copyright up to 2011 2011-02-14 13:50:55 +01:00
Badlop 6ddc66db9f Handle Tigase's unexpected version=1.0 when ejabberd doesn't announce it (EJAB-1379) 2011-01-31 19:43:28 +01:00
Evgeniy Khramtsov 606c207e21 Make sure 'closed' event is correctly processed on every state 2010-12-17 17:26:20 +09:00
Badlop b9bbe19d4c Option to reject S2S connection if untrusted certificate (EJAB-464) 2010-12-11 02:29:53 +01:00
Badlop 44b2002504 Include From attribute in the stream header of outgoing S2S connections 2010-12-11 02:29:52 +01:00
Badlop eb884c80d0 Add option to require encryption in S2S connections (EJAB-495) 2010-12-11 02:29:48 +01:00
Andreas Köhler e34eebb5ad Correct domain_certfile tlsopts modifications for s2s connections (EJAB-1086) 
* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for
  looking up domain_certfile options is #state.myname and not
  #state.server

* If s2s_certfile is not specified, connect should still be part of the
  tls options used by ejabberd_s2s_out

* Add #state.server to ejabberd_s2s_in processes and store the to
  attribute in :wait_for_stream/2. Then use that server in
  :wait_for_feature_request/2 to change the tls options like in
  ejabberd_s2s_out.

Fixes EJAB-1086.
 2010-11-26 00:14:46 +01:00
Evgeniy Khramtsov ac87749d55 add find_s2s_bridge hook 2010-10-11 18:40:57 +10:00
Evgeniy Khramtsov 1f2c9b7971 fixes typo in stop_connection/1 2010-09-28 14:20:02 +10:00
Badlop c8033833f9 When logging s2s out connection attempt or success, log if TLS is used 2010-07-23 00:25:43 +02:00
Evgeniy Khramtsov 715cc5ea3b New configure option: --enable-nif 2010-07-01 20:54:01 +10:00
Pablo Polvorin 84c4d75735 Remove warning for undefined print_state/1 function for p1_fsm processes (thanks Badlop). 
Include a identity function as implementation of print_state/1.
 2010-04-09 14:25:00 -03:00
Evgeniy Khramtsov 31c3a78453 improved s2s connections clean up (EJAB-1202) 2010-03-04 12:36:57 +09:00
Badlop 86794b1d23 Fix OTP version detection to work with old supported R10 and R11 
SVN Revision: 2906
 2010-01-16 12:24:11 +00:00