log mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 2767:e1edf643fbb1

age author description
Wed, 01 Jun 2016 22:33:51 +0200 Kim Alvefur mod_s2s_auth_dane: Use util.async if available (current prosody trunk)
Sat, 28 May 2016 16:55:43 +0200 Kim Alvefur mod_s2s_auth_dane: Move pausing code to a function
Sat, 28 May 2016 13:34:43 +0200 Kim Alvefur Backed out changeset f00cbfb812cd, it only half-worked and broke things
Thu, 26 May 2016 15:36:19 +0200 Kim Alvefur mod_s2s_auth_dane: Remove unused local
Thu, 26 May 2016 15:35:52 +0200 Kim Alvefur mod_s2s_auth_dane: Attempt a new approach to async lookups that doesn't depend on connection pausing
Thu, 26 May 2016 15:31:32 +0200 Kim Alvefur mod_s2s_auth_dane: Make sure dane field has correct type
Sun, 31 Jan 2016 12:38:51 +0100 Kim Alvefur mod_s2s_auth_dane: Correct message about not being able to support SPKI
Sat, 23 Jan 2016 20:34:26 +0100 Kim Alvefur mod_s2s_auth_dane: Check if cert:pubkey() is available
Mon, 11 Jan 2016 15:45:09 +0100 Kim Alvefur mod_s2s_auth_dane: Warn only if there enabled uses that can't be supported
Sat, 12 Dec 2015 17:00:25 +0100 Kim Alvefur mod_s2s_auth_dane: More DNS related debug logging
Sat, 12 Dec 2015 16:59:49 +0100 Kim Alvefur mod_s2s_auth_dane: Abort on bogus reply to SRV lookup
Sat, 12 Dec 2015 16:01:58 +0100 Kim Alvefur mod_s2s_auth_dane: Log as much as possible through session logger instance
Thu, 10 Dec 2015 23:24:55 +0100 Kim Alvefur mod_s2s_auth_dane: Add a telnet console command that exposes DANE information
Thu, 10 Dec 2015 23:24:11 +0100 Kim Alvefur mod_s2s_auth_dane: Keep DANE response around after the connection is established to aid in debugging
Thu, 10 Dec 2015 23:23:07 +0100 Kim Alvefur mod_s2s_auth_dane: Some more verbose debug logging
Mon, 16 Nov 2015 18:03:41 +0100 Kim Alvefur mod_s2s_auth_dane: Consider TLSA records with PKIX uses as supported (if enabled) even if the chain is invalid (if no match is found the session is considered insecure)
Thu, 05 Nov 2015 15:38:31 +0100 Kim Alvefur mod_s2s_auth_dane: Consider the current certificate chain status before checking PKIX-{EE,CA} TLSA records
Thu, 05 Nov 2015 14:10:11 +0100 Kim Alvefur mod_s2s_auth_dane: Support servers without SRV records by falling back to port 5269 and the bare hostname for TLSA lookups
Thu, 21 May 2015 11:14:16 +0200 Kim Alvefur mod_s2s_auth_dane: Ignore mutating of the 'module' global, that is ok in prosody plugins [luacheck]
Thu, 21 May 2015 10:28:02 +0200 Kim Alvefur mod_s2s_auth_dane: Validate names of DANE-TA certs
Wed, 06 May 2015 00:53:27 +0200 Kim Alvefur mod_s2s_auth_dane: Simplify cases where there are only one SRV record
Wed, 06 May 2015 00:51:46 +0200 Kim Alvefur mod_s2s_auth_dane: Don't count number of RRs in DNS reply if the DNS lib already did
Mon, 13 Apr 2015 13:36:38 +0200 Kim Alvefur mod_s2s_auth_dane: Abort earlier for sessions from hosts that don't say who they are
Mon, 13 Apr 2015 13:35:37 +0200 Kim Alvefur mod_s2s_auth_dane: Demote log message about failure to ASCII-ify hostname from error to warning
Tue, 07 Apr 2015 17:35:20 +0200 Kim Alvefur mod_s2s_auth_dane: Cleanup [luacheck]
Tue, 31 Mar 2015 20:57:34 +0200 Kim Alvefur mod_s2s_auth_dane: Update for recent changes in Zashs LuaSec branch
Mon, 16 Mar 2015 16:19:53 +0100 Kim Alvefur mod_s2s_auth_dane: Comments and cleanup
Tue, 16 Sep 2014 19:55:54 +0200 Kim Alvefur mod_s2s_auth_dane: Include hostname when logging a failure
Tue, 16 Sep 2014 19:53:41 +0200 Kim Alvefur mod_s2s_auth_dane: Fix stringprepping when doing "DANE Light"
Sun, 14 Sep 2014 18:52:54 +0200 Kim Alvefur mod_s2s_auth_dane: Fix traceback caused by LuaSec not being loaded
Sun, 15 Jun 2014 02:40:18 +0200 Kim Alvefur mod_s2s_auth_dane: Tweak log messages
Fri, 13 Jun 2014 02:19:52 +0200 Kim Alvefur mod_s2s_auth_dane: Add some more info to log messages
Thu, 12 Jun 2014 12:31:50 +0200 Kim Alvefur mod_s2s_auth_dane: Pause connection only if needed
Thu, 12 Jun 2014 12:30:39 +0200 Kim Alvefur mod_s2s_auth_dane: Return if no certificate found
Wed, 11 Jun 2014 12:50:57 +0200 Kim Alvefur mod_s2s_auth_dane: Cache logger to save some table lookups and improve readability
Mon, 19 May 2014 17:00:12 +0200 Kim Alvefur mod_s2s_auth_dane: Fix potential traceback in logging if SRV target fails nameprep
Mon, 19 May 2014 16:28:43 +0200 Kim Alvefur mod_s2s_auth_dane: Unreference DNS lookup when reply arrives (thanks LordVan)
Thu, 15 May 2014 11:12:31 +0200 Kim Alvefur Backout 33f132c3f4b7 until 0.10
Thu, 08 May 2014 15:43:58 +0200 Kim Alvefur mod_s2s_auth_dane: Fix traceback if session.srv_hosts is nil
Wed, 07 May 2014 17:08:47 +0200 Kim Alvefur mod_s2s_auth_dane: Change how TLSA support is detected
Wed, 07 May 2014 17:07:10 +0200 Kim Alvefur mod_s2s_auth_dane: Fix logic precedence issue
Sun, 27 Apr 2014 01:43:43 +0200 Kim Alvefur mod_s2s_auth_dane: Add support for DANE-TA and PKIX-CA (requires LuaSec changes)
Sun, 27 Apr 2014 01:40:20 +0200 Kim Alvefur mod_s2s_auth_dane: Use PEM to DER function from util.x509 (0.10+)
Sun, 27 Apr 2014 01:24:03 +0200 Kim Alvefur mod_s2s_auth_dane: Launch DANE queries when sending or receiving stream-features instead of monkeypatching s2sout.lib
Thu, 24 Apr 2014 18:34:10 +0200 Kim Alvefur mod_s2s_auth_dane: Clean up no longer needed DNS replies
Thu, 24 Apr 2014 18:33:13 +0200 Kim Alvefur mod_s2s_auth_dane: Skip dns queries for already authenticated s2sin connections
Thu, 24 Apr 2014 18:32:25 +0200 Kim Alvefur mod_s2s_auth_dane: Remove non-working bogus handling
Thu, 24 Apr 2014 18:19:09 +0200 Kim Alvefur mod_s2s_auth_dane: Break out DANE check into a function
Thu, 10 Apr 2014 22:40:11 +0200 Kim Alvefur mod_s2s_auth_dane: Improve debug message and log it on the session
Mon, 24 Mar 2014 13:04:24 +0100 Kim Alvefur mod_s2s_auth_dane: Merge functionality from mod_s2s_auth_dnssec_srv
Thu, 20 Mar 2014 15:55:37 +0100 Kim Alvefur mod_s2s_auth_dane: Fix typo in debug statement
Thu, 20 Mar 2014 15:31:15 +0100 Kim Alvefur mod_s2s_auth_dane: Pause s2sin while doing SRV and TLSA lookups, fixes race condition (Can haz util.async plz)
Wed, 19 Mar 2014 19:48:06 +0100 Kim Alvefur mod_s2s_auth_dane: Fix tb when no hostname sent by remote
Wed, 19 Mar 2014 14:33:10 +0100 Kim Alvefur mod_s2s_auth_dane: Verify that the SRV is secure
Wed, 19 Mar 2014 14:04:09 +0100 Kim Alvefur mod_s2s_auth_dane: Abort module loading if luaunbound is unavailable
Tue, 18 Mar 2014 16:09:51 +0100 Kim Alvefur mod_s2s_auth_dane: Drop support for domains without SRV for now
Tue, 18 Mar 2014 16:02:24 +0100 Kim Alvefur mod_s2s_auth_dane: Fix for a17c2c4043e5
Tue, 18 Mar 2014 15:54:08 +0100 Kim Alvefur mod_s2s_auth_dane: Skip TLSA lookups if SRV is insecure
Tue, 18 Mar 2014 15:36:23 +0100 Kim Alvefur mod_s2s_auth_dane: Hack for domains without SRV
Tue, 18 Mar 2014 15:20:28 +0100 Kim Alvefur mod_s2s_auth_dane: Don't pass nil to hash functions in case of unsupported selectors
Tue, 18 Mar 2014 15:12:11 +0100 Kim Alvefur mod_s2s_auth_dane: Back to _port._tcp.srvtarget.example.net
Fri, 14 Mar 2014 14:30:33 +0100 Kim Alvefur mod_s2s_auth_dane: Bogus replies should have no RRdata
Fri, 14 Mar 2014 14:23:27 +0100 Kim Alvefur mod_s2s_auth_dane: Comments and TODOs
Fri, 14 Mar 2014 14:18:18 +0100 Kim Alvefur mod_s2s_auth_dane: Make supported DANE usages configurable, default to DANE-EE
Fri, 14 Mar 2014 14:15:56 +0100 Kim Alvefur mod_s2s_auth_dane: Simplify, but diverge from DANE-SRV draft. Will now look for _xmpp-server.example.com IN TLSA for both directions
Tue, 11 Mar 2014 21:13:40 +0100 Kim Alvefur mod_s2s_auth_dane: Only invalidate trust if we found any supported DANE records
Sun, 09 Mar 2014 23:17:17 +0100 Kim Alvefur mod_s2s_auth_dane: Improve handling of bogus data
Sun, 09 Mar 2014 23:08:41 +0100 Kim Alvefur mod_s2s_auth_dane: Only do TLSA lookup if it hasn't been attempted already
Sun, 09 Mar 2014 14:09:24 +0100 Kim Alvefur mod_s2s_auth_dane: Fix inverted nil check
Sun, 09 Mar 2014 13:44:29 +0100 Kim Alvefur mod_s2s_auth_dane: Do DANE lookups on outgoing stream features
Sun, 09 Mar 2014 13:43:27 +0100 Kim Alvefur mod_s2s_auth_dane: Improve logging
Sun, 09 Mar 2014 13:42:36 +0100 Kim Alvefur mod_s2s_auth_dane: More comment changes
Sat, 08 Mar 2014 00:00:26 +0100 Kim Alvefur mod_s2s_auth_dane: Implement experimental method for doing DANE with client certificates on s2sin
Fri, 07 Mar 2014 23:30:34 +0100 Kim Alvefur mod_s2s_auth_dane: Add some comments
Wed, 05 Mar 2014 17:44:27 +0100 Kim Alvefur mod_s2s_auth_dane: Don't allow unencrypted connections if TLSA exists
Wed, 05 Mar 2014 17:42:15 +0100 Kim Alvefur mod_s2s_auth_dane: Verify that the pubkey method exists when the SPKI selector is used
Wed, 05 Mar 2014 17:40:44 +0100 Kim Alvefur mod_s2s_auth_dane: Delay s2sout state machine until we get TLSA reply
Wed, 05 Mar 2014 17:38:36 +0100 Kim Alvefur mod_s2s_auth_dane: Comment updates
Fri, 28 Feb 2014 15:37:55 +0100 Kim Alvefur Backed out changeset 853a382c9bd6
Fri, 28 Feb 2014 15:36:06 +0100 Kim Alvefur mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus)
Sat, 04 Jan 2014 23:12:32 +0100 Kim Alvefur mod_s2s_auth_dane: Fix typo in comment (thanks albert)
Sat, 04 Jan 2014 20:07:14 +0100 Kim Alvefur mod_s2s_auth_dane: Style fixes
Sat, 04 Jan 2014 20:04:12 +0100 Kim Alvefur mod_s2s_auth_dane: Fix wording on validation failure
Fri, 03 Jan 2014 15:14:26 +0100 Kim Alvefur mod_s2s_auth_dane: Invalidate trust if there are TLSA records but no matches, or bogus results
Fri, 03 Jan 2014 15:00:05 +0100 Kim Alvefur mod_s2s_auth_dane: Warn about unsupported DANE params
Tue, 31 Dec 2013 02:16:19 +0100 Kim Alvefur mod_s2s_auth_dane: Experimental DANE implementation