prosody
7e9ebdc75ce4
plugins/mod_s2s.lua
Software / code / prosody
Comparison
plugins/mod_s2s.lua @ 12480:7e9ebdc75ce4
net: isolate LuaSec-specifics
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Wed, 27 Apr 2022 17:44:14 +0200 |
| parent | 12476:d8a6e03a7161 |
| child | 12493:e9ea5c88def0 |
comparison
equal
deleted
inserted
replaced
| 12478:82270a6b1234 | 12480:7e9ebdc75ce4 |
|---|---|
| 381 end | 381 end |
| 382 | 382 |
| 383 --- Helper to check that a session peer's certificate is valid | 383 --- Helper to check that a session peer's certificate is valid |
| 384 local function check_cert_status(session) | 384 local function check_cert_status(session) |
| 385 local host = session.direction == "outgoing" and session.to_host or session.from_host | 385 local host = session.direction == "outgoing" and session.to_host or session.from_host |
| 386 local conn = session.conn:socket() | 386 local conn = session.conn |
| 387 local cert | 387 local cert |
| 388 if conn.getpeercertificate then | 388 if conn.ssl_peercertificate then |
| 389 cert = conn:getpeercertificate() | 389 cert = conn:ssl_peercertificate() |
| 390 end | 390 end |
| 391 | 391 |
| 392 return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert }); | 392 return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert }); |
| 393 end | 393 end |
| 394 | 394 |
| 396 | 396 |
| 397 local function session_secure(session) | 397 local function session_secure(session) |
| 398 session.secure = true; | 398 session.secure = true; |
| 399 session.encrypted = true; | 399 session.encrypted = true; |
| 400 | 400 |
| 401 local sock = session.conn:socket(); | 401 local info = session.conn:ssl_info(); |
| 402 local info = sock.info and sock:info(); | |
| 403 if type(info) == "table" then | 402 if type(info) == "table" then |
| 404 (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher); | 403 (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher); |
| 405 session.compressed = info.compression; | 404 session.compressed = info.compression; |
| 406 m_tls_params:with_labels(info.protocol, info.cipher):add(1) | 405 m_tls_params:with_labels(info.protocol, info.cipher):add(1) |
| 407 else | 406 else |
