plugins/mod_s2s.lua @ 12206:77ac0d96ac24
mod_s2s: Enable outgoing Direct TLS connections
Makes it faster by cutting out the roundtrips involved in <starttls/>,
at the cost of making an additional SRV lookup.
Since we already ignore a missing <starttls/> offer and try anyway, there
is not much difference in security. The fact that XMPP is used and the
hostnames involved might still be visible until the future Encrypted
ClientHello extension allows hiding those too.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 21 Jan 2022 17:59:19 +0100 |
parent | 11867:bb20cfd4884f |
child | 12207:65e252940337 |
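--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -27,10 +27,11 @@
 local s2s_destroy_session = require "core.s2smanager".destroy_session;
 local uuid_gen = require "util.uuid".generate;
 local runner = require "util.async".runner;
 local connect = require "net.connect".connect;
 local service = require "net.resolvers.service";
+local resolver_chain = require "net.resolvers.chain";
 local errors = require "util.error";
 local set = require "util.set";
 
 local connect_timeout = module:get_option_number("s2s_timeout", 90);
 local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5);
@@ -215,12 +216,18 @@
 host_session.bounce_sendq = bounce_sendq;
 host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} };
 log("debug", "stanza [%s] queued until connection complete", stanza.name);
 -- FIXME Cleaner solution to passing extra data from resolvers to net.server
 -- This mt-clone allows resolvers to add extra data, currently used for DANE TLSA records
-local extra = setmetatable({}, s2s_service_options_mt);
-connect(service.new(to_host, "xmpp-server", "tcp", extra), listener, nil, { session = host_session });
+local xmpp_extra = setmetatable({}, s2s_service_options_mt);
+local sslctx = require"core.certmanager".create_context(from_host, "client"); -- TODO this should live in mod_tls ?
+local xmpps_extra = setmetatable({ default_port = false; servername = to_host; sslctx = sslctx }, s2s_service_options_mt);
+local direct_and_normal = resolver_chain.new({
+service.new(to_host, "xmpps-server", "tcp", xmpps_extra);
+service.new(to_host, "xmpp-server", "tcp", xmpp_extra);
+});
+connect(direct_and_normal, listener, nil, { session = host_session });
 m_initiated_connections:with_labels(from_host):add(1)
 return true;
 end
 
 local function keepalive(event)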
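Review bot: The return value of `create_context(from_host, "client")` on new line 222 is used unchecked; if it follows the `nil, err` convention used elsewhere in this codebase, a `from_host` with no usable certificate or key ends up with `sslctx = nil` inside `xmpps_extra`, and what `net.connect` then does with a Direct TLS target that carries no context is not visible in this hunk. I would build the resolver list conditionally so the `xmpps-server` leg is only tried when a context exists and the STARTTLS leg remains the fallback, as sketched below. Separately, `require"core.certmanager"` executes on every outgoing connection and a fresh context is built each time; hoisting the require to the top-level locals and caching the context per `from_host` would avoid the repeated work (the TODO already hints the context belongs in mod_tls). It is also worth confirming in the listener, outside this hunk, that a session reached over the `xmpps-server` leg is subjected to the same certificate validation as one secured via <starttls/>, since the commit message's "not much difference in security" depends on that. The enclosing function starts before this hunk.
```lua
local resolvers = {};
local sslctx, err = require"core.certmanager".create_context(from_host, "client"); -- TODO this should live in mod_tls ?
if sslctx then
	local xmpps_extra = setmetatable({ default_port = false; servername = to_host; sslctx = sslctx }, s2s_service_options_mt);
	resolvers[#resolvers+1] = service.new(to_host, "xmpps-server", "tcp", xmpps_extra);
else
	log("debug", "No TLS context for %s (%s), not attempting Direct TLS to %s", from_host, err, to_host);
end
resolvers[#resolvers+1] = service.new(to_host, "xmpp-server", "tcp", xmpp_extra);
connect(resolver_chain.new(resolvers), listener, nil, { session = host_session });
-- … unchanged: metrics increment and return …
```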