
plugins/mod_tls.lua @ 1911:bfe120db1ec4

mod_tls: Mark starttls feature as <required/> if require_s2s_encryption is enabled
author Matthew Wild <mwild1@gmail.com>
date Mon, 05 Oct 2009 14:52:30 +0100
parent 1910:14c043d7fb77
child 1912:126401a7159f
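--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -10,10 +10,11 @@
 
 local xmlns_stream = 'http://etherx.jabber.org/streams';
 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls';
 
 local secure_auth_only = module:get_option("require_encryption");
+local secure_s2s_only = module:get_option("require_s2s_encryption");
 
 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
 function (session, stanza)
 if session.conn.starttls then
 session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
@@ -59,11 +60,15 @@
 function (session, features)
 -- This hook is possibly called once per host (at least if the
 -- remote server does not specify a to/from.
 if session.to_host and session.conn.starttls and not features:child_with_ns(xmlns_starttls) then
 features:tag("starttls", starttls_attr):up();
--- TODO: Make this optional :P
---features:tag("required"):up():up();
+if secure_s2s_only then
+features:tag("required"):up():up();
+else
+features:up();
+end
 end
 end);
 
 -- For s2sout connections, start TLS if we can
 module:hook_stanza(xmlns_stream, "features",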
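Review bot: In the s2s features hook, `features:tag("starttls", starttls_attr):up();` already steps back out of the starttls element before the new `if secure_s2s_only` branch runs. Assuming util.stanza's usual tag()/up() cursor behaviour (not shown here), `features:tag("required")` then adds `<required/>` as a sibling of `<starttls/>` under the features element, not as its child, so a peer would not see STARTTLS marked as required. Dropping the first `:up()`, i.e. `features:tag("starttls", starttls_attr);`, would make both branches balance as written. Separately, `<required/>` is only an advertisement: nothing in the visible lines refuses s2s stanzas on a session that never negotiated TLS, so `require_s2s_encryption` should also be enforced where s2s traffic is accepted. The call that registers this hook starts outside the lines shown, so any such enforcement may exist elsewhere.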