plugins/mod_tls.lua @ 12602:9184fe3d489a
mod_tls: Record STARTTLS state so it can be shown in Shell
This field can be viewed using s2s:show(nil, "... starttls") even
without any special support in mod_admin_shell, which can be added later
to make it nicer. One can then assume that a TLS connection with an
empty / nil starttls field means Direct TLS.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 Aug 2022 19:26:26 +0200 |
parent | 12484:fb65b5a033b2 |
child | 12977:74b9e05af71e |
12601:72f7bb3f30d3 | 12602:9184fe3d489a |
---|---|
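--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -126,10 +126,11 @@
 end);
 
 -- Hook <starttls/>
 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
 local origin = event.origin;
+origin.starttls = "requested";
 if can_do_tls(origin) then
 if origin.conn.block_reads then
 -- we need to ensure that no data is read anymore, otherwise we could end up in a situation where
 -- <proceed/> is sent and the socket receives the TLS handshake (and passes the data to lua) before
 -- it is asked to initiate TLS
@@ -174,10 +175,11 @@
 module:log("debug", "%s is *not* offering TLS, trying anyways!", session.to_host);
 else
 module:log("debug", "%s is not offering TLS", session.to_host);
 return;
 end
+session.starttls = "initiated";
 session.sends2s(starttls_initiate);
 return true;
 end
 end, 500);
 
@@ -191,10 +193,11 @@
 
 module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
 if session.type == "s2sout_unauthed" and can_do_tls(session) then
 module:log("debug", "Proceeding with TLS on s2sout...");
 session:reset_stream();
+session.starttls = "proceeding"
 session.conn:starttls(session.ssl_ctx, session.to_host);
 session.secure = false;
 return true;
 end
 end);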
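Review bot: The `<proceed/>` handler in the last hunk still accepts a proceed from the peer whether or not this side ever sent `<starttls/>`; now that the request is recorded in `session.starttls`, the condition should require it, e.g. `if session.type == "s2sout_unauthed" and session.starttls == "initiated" and can_do_tls(session) then`, so an unsolicited `<proceed/>` cannot reset the stream and start a client-side TLS handshake the peer is not expecting (RFC 6120 only permits proceed as a reply to starttls). Relatedly, the s2sin hook in the first hunk writes `"requested"` before the `can_do_tls` check, so a session whose request was refused keeps that value, whereas the outbound side only records `"initiated"` when the stanza is actually sent; moving `origin.starttls = "requested";` inside the `can_do_tls(origin)` branch (or recording the refusal distinctly) would keep the two sides consistent. None of the visible hunks advance the field past `"proceeding"` or `"requested"` once the handshake completes; if the code that later sets `session.secure = true` (outside these hunks) does not update it, the shell will display a negotiation-in-progress value on established sessions. The function containing the `"initiated"` assignment begins before its hunk.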