plugins/mod_tls.lua @ 2623:1d34b45dec15
mod_tls: Don't offer TLS on hosts that don't have any certs
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 12 Feb 2010 21:33:22 +0000 |
| parent | 2613:afa20941e098 |
| child | 2625:03287c06d986 |
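--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -20,10 +20,12 @@
 if secure_auth_only then c2s_feature:tag("required"):up(); end
 if secure_s2s_only then s2s_feature:tag("required"):up(); end
 
 local global_ssl_ctx = prosody.global_ssl_ctx;
 
+local host = hosts[module.host];
+
 -- Hook <starttls/>
 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
 local origin = event.origin;
 if origin.conn.starttls then
 (origin.sends2s or origin.send)(starttls_proceed);
@@ -42,17 +44,17 @@
 end);
 
 -- Advertize stream feature
 module:hook("stream-features", function(event)
 local origin, features = event.origin, event.features;
-if not origin.username and origin.conn.starttls then
+if not origin.username and origin.conn.starttls and host.ssl_ctx_in then
 features:add_child(c2s_feature);
 end
 end);
 module:hook("s2s-stream-features", function(event)
 local origin, features = event.origin, event.features;
-if origin.to_host and origin.type ~= "s2sin" and origin.conn.starttls then
+if origin.to_host and origin.type ~= "s2sin" and origin.conn.starttls and host.ssl_ctx_in then
 features:add_child(s2s_feature);
 end
 end);
 
 -- For s2sout connections, start TLS if we can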
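Review bot: The `<starttls/>` handler (new lines 28–31) still gates only on `origin.conn.starttls`, while both feature hooks now also require `host.ssl_ctx_in`, so a peer that sends `<starttls/>` without it being advertised is still answered with `starttls_proceed` on a host that has no certificate context. The rest of that handler (new lines 32–43) lies outside the hunks, so a fallback such as `global_ssl_ctx` may already cover this; if no fallback is intended, apply the same guard there, `if origin.conn.starttls and host.ssl_ctx_in then`, so that what is advertised and what is accepted agree. It is also worth confirming that with `secure_auth_only` or `secure_s2s_only` set, dropping the feature (and its `<required/>` child) on a cert-less host leaves authentication refused rather than permitted in plaintext, since that enforcement is not visible in this change.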