Comparison

plugins/mod_tls.lua @ 12330:38b5b05407be

various: Require encryption by default for real These options have been specified (and enabled) in the default config file for a long time. However if unspecified in the config, they were not enabled. Now they are. This may result in a change of behaviour for people using very old config files that lack the require_encryption options. But that's what we want.
author Kim Alvefur <zash@zash.se>
date Sat, 25 Dec 2021 16:23:40 +0100
parent 12211:5c2ae28f536e
child 12482:b193f8a2737e
comparison
equal deleted inserted replaced
12329:c980210ca095 12330:38b5b05407be
8 8
9 local create_context = require "core.certmanager".create_context; 9 local create_context = require "core.certmanager".create_context;
10 local rawgetopt = require"core.configmanager".rawget; 10 local rawgetopt = require"core.configmanager".rawget;
11 local st = require "util.stanza"; 11 local st = require "util.stanza";
12 12
13 local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption")); 13 local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption", true));
14 local s2s_require_encryption = module:get_option("s2s_require_encryption"); 14 local s2s_require_encryption = module:get_option("s2s_require_encryption", true);
15 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; 15 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false;
16 local s2s_secure_auth = module:get_option("s2s_secure_auth"); 16 local s2s_secure_auth = module:get_option("s2s_secure_auth");
17 17
18 if s2s_secure_auth and s2s_require_encryption == false then 18 if s2s_secure_auth and s2s_require_encryption == false then
19 module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false"); 19 module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false");