prosody
29c7586665f5
plugins/mod_tls.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/mod_tls.lua @ 6521:29c7586665f5

mod_tls: Keep ssl config around and attach them to sessions
author Kim Alvefur <zash@zash.se>
date Wed, 19 Nov 2014 14:47:49 +0100
parent 6487:edc63dc72566
child 6526:873538f0b18c
comparison
equal deleted inserted replaced
6520:c6caaa440e74 6521:29c7586665f5
30 30
31 local hosts = prosody.hosts; 31 local hosts = prosody.hosts;
32 local host = hosts[module.host]; 32 local host = hosts[module.host];
33 33
34 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin; 34 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
35 local ssl_cfg_c2s, ssl_cfg_s2sout, ssl_cfg_s2sin;
35 do 36 do
36 local NULL, err = {}; 37 local NULL = {};
37 local global = module:context("*"); 38 local global = module:context("*");
38 local parent = module:context(module.host:match("%.(.*)$")); 39 local parent = module:context(module.host:match("%.(.*)$"));
39 40
40 local parent_ssl = parent:get_option("ssl"); 41 local parent_ssl = parent:get_option("ssl");
41 local host_ssl = module:get_option("ssl", parent_ssl); 42 local host_ssl = module:get_option("ssl", parent_ssl);
46 47
47 local global_s2s = global:get_option("s2s_ssl", NULL); 48 local global_s2s = global:get_option("s2s_ssl", NULL);
48 local parent_s2s = parent:get_option("s2s_ssl", NULL); 49 local parent_s2s = parent:get_option("s2s_ssl", NULL);
49 local host_s2s = module:get_option("s2s_ssl", parent_s2s); 50 local host_s2s = module:get_option("s2s_ssl", parent_s2s);
50 51
51 ssl_ctx_c2s, err = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections 52 ssl_ctx_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
52 if err then module:log("error", "Error creating context for c2s: %s", err); end 53 if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", ssl_cfg_c2s); end
53 54
54 ssl_ctx_s2sin, err = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections 55 ssl_ctx_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
55 ssl_ctx_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections 56 if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", ssl_cfg_s2sin); end
56 if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue 57
58 ssl_ctx_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
59 if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", ssl_cfg_s2sin); end
57 end 60 end
58 61
59 local function can_do_tls(session) 62 local function can_do_tls(session)
60 if not session.conn.starttls then 63 if not session.conn.starttls then
61 return false; 64 return false;
62 elseif session.ssl_ctx then 65 elseif session.ssl_ctx then
63 return true; 66 return true;
64 end 67 end
65 if session.type == "c2s_unauthed" then 68 if session.type == "c2s_unauthed" then
66 session.ssl_ctx = ssl_ctx_c2s; 69 session.ssl_ctx = ssl_ctx_c2s;
70 session.ssl_cfg = ssl_cfg_c2s;
67 elseif session.type == "s2sin_unauthed" and allow_s2s_tls then 71 elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
68 session.ssl_ctx = ssl_ctx_s2sin; 72 session.ssl_ctx = ssl_ctx_s2sin;
73 session.ssl_cfg = ssl_cfg_s2sin;
69 elseif session.direction == "outgoing" and allow_s2s_tls then 74 elseif session.direction == "outgoing" and allow_s2s_tls then
70 session.ssl_ctx = ssl_ctx_s2sout; 75 session.ssl_ctx = ssl_ctx_s2sout;
76 session.ssl_cfg = ssl_cfg_s2sout;
71 else 77 else
72 return false; 78 return false;
73 end 79 end
74 return session.ssl_ctx; 80 return session.ssl_ctx;
75 end 81 end