2014-09-16 |
Kim Alvefur |
mod_s2s_auth_dane: Include hostname when logging a failure
|
2014-09-16 |
Kim Alvefur |
mod_s2s_auth_dane: Fix stringprepping when doing "DANE Light"
|
2014-09-14 |
Kim Alvefur |
mod_s2s_auth_dane: Fix traceback caused by LuaSec not being loaded
|
2014-06-15 |
Kim Alvefur |
mod_s2s_auth_dane: Tweak log messages
|
2014-06-13 |
Kim Alvefur |
mod_s2s_auth_dane: Add some more info to log messages
|
2014-06-12 |
Kim Alvefur |
mod_s2s_auth_dane: Pause connection only if needed
|
2014-06-12 |
Kim Alvefur |
mod_s2s_auth_dane: Return if no certificate found
|
2014-06-11 |
Kim Alvefur |
mod_s2s_auth_dane: Cache logger to save some table lookups and improve readability
|
2014-05-19 |
Kim Alvefur |
mod_s2s_auth_dane: Fix potential traceback in logging if SRV target fails nameprep
|
2014-05-19 |
Kim Alvefur |
mod_s2s_auth_dane: Unreference DNS lookup when reply arrives (thanks LordVan)
|
2014-05-15 |
Kim Alvefur |
Backout 33f132c3f4b7 until 0.10
|
2014-05-08 |
Kim Alvefur |
mod_s2s_auth_dane: Fix traceback if session.srv_hosts is nil
|
2014-05-07 |
Kim Alvefur |
mod_s2s_auth_dane: Change how TLSA support is detected
|
2014-05-07 |
Kim Alvefur |
mod_s2s_auth_dane: Fix logic precedence issue
|
2014-04-26 |
Kim Alvefur |
mod_s2s_auth_dane: Add support for DANE-TA and PKIX-CA (requires LuaSec changes)
|
2014-04-26 |
Kim Alvefur |
mod_s2s_auth_dane: Use PEM to DER function from util.x509 (0.10+)
|
2014-04-26 |
Kim Alvefur |
mod_s2s_auth_dane: Launch DANE queries when sending or receiving stream-features instead of monkeypatching s2sout.lib
|
2014-04-24 |
Kim Alvefur |
mod_s2s_auth_dane: Clean up no longer needed DNS replies
|
2014-04-24 |
Kim Alvefur |
mod_s2s_auth_dane: Skip dns queries for already authenticated s2sin connections
|
2014-04-24 |
Kim Alvefur |
mod_s2s_auth_dane: Remove non-working bogus handling
|
2014-04-24 |
Kim Alvefur |
mod_s2s_auth_dane: Break out DANE check into a function
|
2014-04-10 |
Kim Alvefur |
mod_s2s_auth_dane: Improve debug message and log it on the session
|
2014-03-24 |
Kim Alvefur |
mod_s2s_auth_dane: Merge functionality from mod_s2s_auth_dnssec_srv
|
2014-03-20 |
Kim Alvefur |
mod_s2s_auth_dane: Fix typo in debug statement
|
2014-03-20 |
Kim Alvefur |
mod_s2s_auth_dane: Pause s2sin while doing SRV and TLSA lookups, fixes race condition (Can haz util.async plz)
|
2014-03-19 |
Kim Alvefur |
mod_s2s_auth_dane: Fix tb when no hostname sent by remote
|
2014-03-19 |
Kim Alvefur |
mod_s2s_auth_dane: Verify that the SRV is secure
|
2014-03-19 |
Kim Alvefur |
mod_s2s_auth_dane: Abort module loading if luaunbound is unavailable
|
2014-03-18 |
Kim Alvefur |
mod_s2s_auth_dane: Drop support for domains without SRV for now
|
2014-03-18 |
Kim Alvefur |
mod_s2s_auth_dane: Fix for a17c2c4043e5
|
2014-03-18 |
Kim Alvefur |
mod_s2s_auth_dane: Skip TLSA lookups if SRV is insecure
|
2014-03-18 |
Kim Alvefur |
mod_s2s_auth_dane: Hack for domains without SRV
|
2014-03-18 |
Kim Alvefur |
mod_s2s_auth_dane: Don't pass nil to hash functions in case of unsupported selectors
|
2014-03-18 |
Kim Alvefur |
mod_s2s_auth_dane: Back to _port._tcp.srvtarget.example.net
|
2014-03-14 |
Kim Alvefur |
mod_s2s_auth_dane: Bogus replies should have no RRdata
|
2014-03-14 |
Kim Alvefur |
mod_s2s_auth_dane: Comments and TODOs
|
2014-03-14 |
Kim Alvefur |
mod_s2s_auth_dane: Make supported DANE usages configurable, default to DANE-EE
|
2014-03-14 |
Kim Alvefur |
mod_s2s_auth_dane: Simplify, but diverge from DANE-SRV draft. Will now look for _xmpp-server.example.com IN TLSA for both directions
|
2014-03-11 |
Kim Alvefur |
mod_s2s_auth_dane: Only invalidate trust if we found any supported DANE records
|
2014-03-09 |
Kim Alvefur |
mod_s2s_auth_dane: Improve handling of bogus data
|
2014-03-09 |
Kim Alvefur |
mod_s2s_auth_dane: Only do TLSA lookup if it hasn't been attempted already
|
2014-03-09 |
Kim Alvefur |
mod_s2s_auth_dane: Fix inverted nil check
|
2014-03-09 |
Kim Alvefur |
mod_s2s_auth_dane: Do DANE lookups on outgoing stream features
|
2014-03-09 |
Kim Alvefur |
mod_s2s_auth_dane: Improve logging
|
2014-03-09 |
Kim Alvefur |
mod_s2s_auth_dane: More comment changes
|
2014-03-07 |
Kim Alvefur |
mod_s2s_auth_dane: Implement experimental method for doing DANE with client certificates on s2sin
|
2014-03-07 |
Kim Alvefur |
mod_s2s_auth_dane: Add some comments
|
2014-03-05 |
Kim Alvefur |
mod_s2s_auth_dane: Don't allow unencrypted connections if TLSA exists
|
2014-03-05 |
Kim Alvefur |
mod_s2s_auth_dane: Verify that the pubkey method exists when the SPKI selector is used
|
2014-03-05 |
Kim Alvefur |
mod_s2s_auth_dane: Delay s2sout state machine until we get TLSA reply
|
2014-03-05 |
Kim Alvefur |
mod_s2s_auth_dane: Comment updates
|
2014-02-28 |
Kim Alvefur |
Backed out changeset 853a382c9bd6
|
2014-02-28 |
Kim Alvefur |
mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus)
|
2014-01-04 |
Kim Alvefur |
mod_s2s_auth_dane: Fix typo in comment (thanks albert)
|
2014-01-04 |
Kim Alvefur |
mod_s2s_auth_dane: Style fixes
|
2014-01-04 |
Kim Alvefur |
mod_s2s_auth_dane: Fix wording on validation failure
|
2014-01-03 |
Kim Alvefur |
mod_s2s_auth_dane: Invalidate trust if there are TLSA records but no matches, or bogus results
|
2014-01-03 |
Kim Alvefur |
mod_s2s_auth_dane: Warn about unsupported DANE params
|
2013-12-31 |
Kim Alvefur |
mod_s2s_auth_dane: Experimental DANE implementation
|