prosody
b193f8a2737e
plugins/mod_tls.lua
Software / code / prosody
Comparison
plugins/mod_tls.lua @ 12482:b193f8a2737e
mod_tls: Do not offer TLS if the connection is considered secure
This may be necessary if the session.conn object is not exchanged by the
network backend when establishing TLS. In that case, the starttls method
will always exist and thus that is not a good indicator for offering
TLS.
However, the secure bit already tells us that TLS has been established
or is not to be established on the connection, so we use that instead.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Fri, 17 Sep 2021 21:18:30 +0200 |
| parent | 12330:38b5b05407be |
| child | 12483:988a3a7e1f35 |
comparison
equal
deleted
inserted
replaced
| 12481:2ee27587fec7 | 12482:b193f8a2737e |
|---|---|
| 78 end | 78 end |
| 79 | 79 |
| 80 module:hook_global("config-reloaded", module.load); | 80 module:hook_global("config-reloaded", module.load); |
| 81 | 81 |
| 82 local function can_do_tls(session) | 82 local function can_do_tls(session) |
| 83 if session.secure then | |
| 84 return false; | |
| 85 end | |
| 83 if session.conn and not session.conn.starttls then | 86 if session.conn and not session.conn.starttls then |
| 84 if not session.secure then | 87 if not session.secure then |
| 85 session.log("debug", "Underlying connection does not support STARTTLS"); | 88 session.log("debug", "Underlying connection does not support STARTTLS"); |
| 86 end | 89 end |
| 87 return false; | 90 return false; |
