plugins/mod_tls.lua @ 12483:988a3a7e1f35
mod_tls: tell network backend to stop reading while preparing TLS
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Sat, 02 Apr 2022 11:18:57 +0200 |
| parent | 12482:b193f8a2737e |
| child | 12484:fb65b5a033b2 |
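--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -127,10 +127,17 @@
 
 -- Hook <starttls/>
 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
 local origin = event.origin;
 if can_do_tls(origin) then
+if origin.conn.block_reads then
+-- we need to ensure that no data is read anymore, otherwise we could end up in a situation where
+-- <proceed/> is sent and the socket receives the TLS handshake (and passes the data to lua) before
+-- it is asked to initiate TLS
+-- (not with the classical single-threaded server backends)
+origin.conn:block_reads()
+end
 (origin.sends2s or origin.send)(starttls_proceed);
 if origin.destroyed then return end
 origin:reset_stream();
 origin.conn:starttls(origin.ssl_ctx);
 origin.log("debug", "TLS negotiation started for %s...", origin.type);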
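Review bot: Nothing in this hunk resumes reading after `origin.conn:block_reads()`, so the added block appears to rely on `origin.conn:starttls(origin.ssl_ctx)` (or the backend behind it) re-enabling reads, and that contract is not written down at the call site. I would extend the comment with something like `-- the backend must resume reads itself once starttls() has taken over the socket`, so that a new backend implementing `block_reads` does not leave the connection stalled after `<proceed/>`. The `if origin.conn.block_reads then` feature test also means a threaded backend without that method silently keeps the old race, in which handshake bytes can reach the plaintext XMPP parser; a debug log on the fallback path would make that visible. The hook function's body continues past the end of the hunk.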