prosody
187cd90860cb
plugins/mod_tls.lua
Software / code / prosody
Comparison
plugins/mod_tls.lua @ 2596:187cd90860cb
mod_tls: Merged duplicate code.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Fri, 12 Feb 2010 02:15:54 +0500 |
| parent | 2595:015934e20f03 |
| child | 2600:1e6f3002e04f |
comparison
equal
deleted
inserted
replaced
| 2595:015934e20f03 | 2596:187cd90860cb |
|---|---|
| 14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | 14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
| 15 local secure_s2s_only = module:get_option("s2s_require_encryption"); | 15 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
| 16 | 16 |
| 17 local global_ssl_ctx = prosody.global_ssl_ctx; | 17 local global_ssl_ctx = prosody.global_ssl_ctx; |
| 18 | 18 |
| 19 function c2s_starttls_handler(session, stanza) | 19 function starttls_handler(session, stanza) |
| 20 if session.conn.starttls then | 20 if session.conn.starttls then |
| 21 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); | 21 (session.sends2s or session.send)(st.stanza("proceed", { xmlns = xmlns_starttls })); |
| 22 session:reset_stream(); | 22 session:reset_stream(); |
| 23 local ssl_ctx = session.host and hosts[session.host].ssl_ctx_in or global_ssl_ctx; | 23 local host = session.to_host or session.host; |
| 24 local ssl_ctx = host and hosts[host].ssl_ctx_in or global_ssl_ctx; | |
| 24 session.conn:starttls(ssl_ctx); | 25 session.conn:starttls(ssl_ctx); |
| 25 session.log("info", "TLS negotiation started..."); | 26 session.log("info", "TLS negotiation started for %s...", session.type); |
| 26 session.secure = false; | 27 session.secure = false; |
| 27 else | 28 else |
| 28 -- FIXME: What reply? | 29 -- FIXME: What reply? |
| 29 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); | 30 session.log("warn", "Attempt to start TLS, but TLS is not available on this %s connection", session.type); |
| 30 end | |
| 31 end | |
| 32 | |
| 33 function s2s_starttls_handler(session, stanza) | |
| 34 if session.conn.starttls then | |
| 35 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); | |
| 36 session:reset_stream(); | |
| 37 local ssl_ctx = session.to_host and hosts[session.to_host].ssl_ctx_in or global_ssl_ctx; | |
| 38 session.conn:starttls(ssl_ctx); | |
| 39 session.log("info", "TLS negotiation started for incoming s2s..."); | |
| 40 session.secure = false; | |
| 41 else | |
| 42 -- FIXME: What reply? | |
| 43 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); | |
| 44 end | 31 end |
| 45 end | 32 end |
| 46 | 33 |
| 47 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event) | 34 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event) |
| 48 local origin, stanza = event.origin, event.stanza; | 35 local origin, stanza = event.origin, event.stanza; |
| 49 if origin.type == "c2s_unauthed" then | 36 if origin.type == "c2s_unauthed" or origin.type == "s2sin_unauthed" then |
| 50 c2s_starttls_handler(origin, stanza); | 37 starttls_handler(origin, stanza); |
| 51 elseif origin.type == "s2sin_unauthed" then | |
| 52 s2s_starttls_handler(origin, stanza); | |
| 53 else | 38 else |
| 54 -- FIXME: What reply? | 39 -- FIXME: What reply? |
| 55 origin.log("warn", "Attempt to start TLS, but TLS is not available on this %s connection", origin.type); | 40 origin.log("warn", "Attempt to start TLS, but TLS is not available on this %s connection", origin.type); |
| 56 end | 41 end |
| 57 return true; | 42 return true; |
