
plugins/mod_tls.lua @ 2625:03287c06d986

mod_tls: Refactor to simplify detection of whether we can do TLS on a connection
author Matthew Wild <mwild1@gmail.com>
date Fri, 12 Feb 2010 21:57:46 +0000
parent 2623:1d34b45dec15
child 2635:e79057cf2538
2624:99b60dc15174 2625:03287c06d986
22 22
23 local global_ssl_ctx = prosody.global_ssl_ctx; 23 local global_ssl_ctx = prosody.global_ssl_ctx;
24 24
25 local host = hosts[module.host]; 25 local host = hosts[module.host];
26 26
27 local function can_do_tls(session)
28 if session.type == "c2s_unauthed" then
29 return session.username and session.conn.starttls and host.ssl_ctx_in;
30 elseif session.type == "s2sin_unauthed" then
31 return origin.to_host and origin.conn.starttls and host.ssl_ctx_in;
32 end
33 return false;
34 end
35
27 -- Hook <starttls/> 36 -- Hook <starttls/>
28 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event) 37 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
29 local origin = event.origin; 38 local origin = event.origin;
30 if origin.conn.starttls then 39 if can_do_tls(origin) then
31 (origin.sends2s or origin.send)(starttls_proceed); 40 (origin.sends2s or origin.send)(starttls_proceed);
32 origin:reset_stream(); 41 origin:reset_stream();
33 local host = origin.to_host or origin.host; 42 local host = origin.to_host or origin.host;
34 local ssl_ctx = host and hosts[host].ssl_ctx_in or global_ssl_ctx; 43 local ssl_ctx = host and hosts[host].ssl_ctx_in or global_ssl_ctx;
35 origin.conn:starttls(ssl_ctx); 44 origin.conn:starttls(ssl_ctx);
44 end); 53 end);
45 54
46 -- Advertize stream feature 55 -- Advertize stream feature
47 module:hook("stream-features", function(event) 56 module:hook("stream-features", function(event)
48 local origin, features = event.origin, event.features; 57 local origin, features = event.origin, event.features;
49 if not origin.username and origin.conn.starttls and host.ssl_ctx_in then 58 if can_do_tls(origin) then
50 features:add_child(c2s_feature); 59 features:add_child(c2s_feature);
51 end 60 end
52 end); 61 end);
53 module:hook("s2s-stream-features", function(event) 62 module:hook("s2s-stream-features", function(event)
54 local origin, features = event.origin, event.features; 63 local origin, features = event.origin, event.features;
55 if origin.to_host and origin.type ~= "s2sin" and origin.conn.starttls and host.ssl_ctx_in then 64 if can_do_tls(origin) then
56 features:add_child(s2s_feature); 65 features:add_child(s2s_feature);
57 end 66 end
58 end); 67 end);
59 68
60 -- For s2sout connections, start TLS if we can 69 -- For s2sout connections, start TLS if we can
64 module:log("%s is offering TLS, taking up the offer...", session.to_host); 73 module:log("%s is offering TLS, taking up the offer...", session.to_host);
65 session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); 74 session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>");
66 return true; 75 return true;
67 end 76 end
68 end, 500); 77 end, 500);
78
69 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) 79 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza)
70 module:log("debug", "Proceeding with TLS on s2sout..."); 80 module:log("debug", "Proceeding with TLS on s2sout...");
71 session:reset_stream(); 81 session:reset_stream();
72 local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx; 82 local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx;
73 session.conn:starttls(ssl_ctx, true); 83 session.conn:starttls(ssl_ctx, true);
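Review bot: The `s2sin_unauthed` branch of the new `can_do_tls` (new line 31) reads `origin.to_host and origin.conn.starttls`, but the function's only parameter is `session`, so `origin` is an undeclared global and this branch raises "attempt to index global 'origin'" (or returns nil if something else has leaked that name) instead of answering whether TLS can be offered to an inbound s2s peer; it should be `return session.to_host and session.conn.starttls and host.ssl_ctx_in;`. The `c2s_unauthed` branch (new line 29) also inverts the check it replaces: the old stream-features condition (old line 49) required `not origin.username`, whereas the new one requires `session.username`, which is normally unset before authentication, so STARTTLS would no longer be advertised or accepted on c2s and the session would stay in plaintext with nothing logged. Since the `session.type` test already restricts this branch to unauthenticated sessions, `return session.conn.starttls and host.ssl_ctx_in;` restores the previous behaviour. Separately, the `<starttls/>` handler (old line 30) used to accept the stanza on any session whose connection supports `starttls`, and routing it through `can_do_tls` narrows that to unauthenticated c2s/s2sin sessions; that looks intended but deserves a header comment on the function, e.g. `-- Returns a truthy value when TLS can be negotiated on this (still unauthenticated) session; also gates the <starttls/> handler.`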