prosody
ab52fdd9f5d0
plugins/mod_tls.lua
Software / code / prosody
Comparison
plugins/mod_tls.lua @ 2594:ab52fdd9f5d0
mod_tls: Slight refactoring.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Fri, 12 Feb 2010 01:47:10 +0500 |
| parent | 2576:b70e73872c4d |
| child | 2595:015934e20f03 |
comparison
equal
deleted
inserted
replaced
| 2593:06995c8bfe80 | 2594:ab52fdd9f5d0 |
|---|---|
| 14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | 14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
| 15 local secure_s2s_only = module:get_option("s2s_require_encryption"); | 15 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
| 16 | 16 |
| 17 local global_ssl_ctx = prosody.global_ssl_ctx; | 17 local global_ssl_ctx = prosody.global_ssl_ctx; |
| 18 | 18 |
| 19 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, | 19 function c2s_starttls_handler(session, stanza) |
| 20 function (session, stanza) | 20 if session.conn.starttls then |
| 21 if session.conn.starttls then | 21 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
| 22 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); | 22 session:reset_stream(); |
| 23 session:reset_stream(); | 23 local ssl_ctx = session.host and hosts[session.host].ssl_ctx_in or global_ssl_ctx; |
| 24 local ssl_ctx = session.host and hosts[session.host].ssl_ctx_in or global_ssl_ctx; | 24 session.conn:starttls(ssl_ctx); |
| 25 session.conn:starttls(ssl_ctx); | 25 session.log("info", "TLS negotiation started..."); |
| 26 session.log("info", "TLS negotiation started..."); | 26 session.secure = false; |
| 27 session.secure = false; | 27 else |
| 28 else | 28 -- FIXME: What reply? |
| 29 -- FIXME: What reply? | 29 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); |
| 30 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); | 30 end |
| 31 end | 31 end |
| 32 end); | 32 |
| 33 | 33 function s2s_starttls_handler(session, stanza) |
| 34 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, | 34 if session.conn.starttls then |
| 35 function (session, stanza) | 35 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); |
| 36 if session.conn.starttls then | 36 session:reset_stream(); |
| 37 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); | 37 local ssl_ctx = session.to_host and hosts[session.to_host].ssl_ctx_in or global_ssl_ctx; |
| 38 session:reset_stream(); | 38 session.conn:starttls(ssl_ctx); |
| 39 local ssl_ctx = session.to_host and hosts[session.to_host].ssl_ctx_in or global_ssl_ctx; | 39 session.log("info", "TLS negotiation started for incoming s2s..."); |
| 40 session.conn:starttls(ssl_ctx); | 40 session.secure = false; |
| 41 session.log("info", "TLS negotiation started for incoming s2s..."); | 41 else |
| 42 session.secure = false; | 42 -- FIXME: What reply? |
| 43 else | 43 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); |
| 44 -- FIXME: What reply? | 44 end |
| 45 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); | 45 end |
| 46 end | 46 |
| 47 end); | 47 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, c2s_starttls_handler); |
| 48 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, s2s_starttls_handler); | |
| 48 | 49 |
| 49 | 50 |
| 50 local starttls_attr = { xmlns = xmlns_starttls }; | 51 local starttls_attr = { xmlns = xmlns_starttls }; |
| 51 module:add_event_hook("stream-features", | 52 module:add_event_hook("stream-features", |
| 52 function (session, features) | 53 function (session, features) |
