Changeset

5487:6cf2f32dbf40

mod_s2sout_override: Add support for Direct TLS Well that was easy
author Kim Alvefur <zash@zash.se>
date Wed, 24 May 2023 16:34:35 +0200
parents 5486:71243bedb2b0
children 5488:9a4556a13cc7
files mod_s2sout_override/README.md mod_s2sout_override/mod_s2sout_override.lua
diffstat 2 files changed, 10 insertions(+), 3 deletions(-) [+]
--- a/mod_s2sout_override/README.md	Wed May 24 15:56:26 2023 +0200
+++ b/mod_s2sout_override/README.md	Wed May 24 16:34:35 2023 +0200
@@ -11,9 +11,12 @@
 to URIs like `"tcp://host.example:port"`, to have Prosody connect there
 instead of doing normal DNS SRV resolution.
 
-Currently only the `tcp://` scheme is supported.  A future version could
-support more methods including Direct TLS, alternate SRV lookup targets
-or even UNIX sockets.
+Currently supported schemes are `tcp://` and `tls://`.  A future version
+could support more methods including alternate SRV lookup targets or
+even UNIX sockets.
+
+URIs with IP addresses like `tcp://127.0.0.1:9999` will bypass A/AAAA
+DNS lookups.
 
 ```lua
 -- Global section
@@ -25,6 +28,7 @@
 s2sout_override = {
     ["example.com"] = "tcp://other.host.example:5299";
     ["xmpp.example.net"] = "tcp://localhost:5999";
+    ["secure.example"] = = "tls://127.0.0.1:5270";
 }
 ```
 
--- a/mod_s2sout_override/mod_s2sout_override.lua	Wed May 24 15:56:26 2023 +0200
+++ b/mod_s2sout_override/mod_s2sout_override.lua	Wed May 24 16:34:35 2023 +0200
@@ -12,5 +12,8 @@
 	end
 	if type(override) == "table" and override.scheme == "tcp" and type(override.host) == "string" then
 		event.resolver = basic_resolver.new(override.host, tonumber(override.port) or 5269, override.scheme, {});
+	elseif type(override) == "table" and override.scheme == "tls" and type(override.host) == "string" then
+		event.resolver = basic_resolver.new(override.host, tonumber(override.port) or 5270, "tcp",
+			{ servername = event.session.to_host; sslctx = event.session.ssl_ctx });
 	end
 end);
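Review bot: The new `tls` branch passes `event.session.ssl_ctx` to the resolver without checking that it is set. If that field can be nil when this handler runs (not visible in the hunk), a `tls://` override might open a plain TCP connection to the Direct TLS port instead of failing, so a guard such as `if not event.session.ssl_ctx then module:log("error", "No TLS context for %s, not applying tls:// override", event.session.to_host); return; end` inside the branch would make that case explicit. Separately, the `if`/`elseif` chain has no final branch, so an override with a mistyped or unsupported scheme sets no resolver and is dropped without a message; presumably the connection then goes through ordinary resolution, which is the path the administrator meant to avoid. Closing the chain with `elseif override then module:log("warn", "Ignoring unsupported s2sout_override for %s", event.session.to_host);` would surface that misconfiguration. The handler starts above the hunk, so how `override` is parsed and whether it can be nil here should be confirmed against the full function.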