plugins/mod_tls.lua @ 2872:cdc292d201fc
mod_tls: Don't offer TLS on hosts that don't have any certs
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 12 Feb 2010 21:33:22 +0000 |
parent | 2854:ce8ce431c2b8 |
child | 2877:1edeb8fe7d14 |
2871:5613235be64a | 2872:cdc292d201fc |
---|---|
12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; | 12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
13 | 13 |
14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | 14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
15 local secure_s2s_only = module:get_option("s2s_require_encryption"); | 15 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
16 | 16 |
17 local host = hosts[module.host]; | |
18 | |
17 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, | 19 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, |
18 function (session, stanza) | 20 function (session, stanza) |
19 if session.conn.starttls then | 21 if session.conn.starttls and host.ssl_ctx_in then |
20 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); | 22 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
21 session:reset_stream(); | 23 session:reset_stream(); |
22 if session.host and hosts[session.host].ssl_ctx_in then | 24 if session.host and hosts[session.host].ssl_ctx_in then |
23 session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); | 25 session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); |
24 end | 26 end |
32 end | 34 end |
33 end); | 35 end); |
34 | 36 |
35 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, | 37 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, |
36 function (session, stanza) | 38 function (session, stanza) |
37 if session.conn.starttls then | 39 if session.conn.starttls and host.ssl_ctx_in then |
38 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); | 40 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); |
39 session:reset_stream(); | 41 session:reset_stream(); |
40 if session.to_host and hosts[session.to_host].ssl_ctx_in then | 42 if session.to_host and hosts[session.to_host].ssl_ctx_in then |
41 session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); | 43 session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); |
42 end | 44 end |
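Review bot: The new guard at new lines 21 and 39 tests `host.ssl_ctx_in` for the module's own host, but the context actually installed a few lines later is looked up separately through `hosts[session.host]` (c2s) or `hosts[session.to_host]` (s2s) behind its own `if`, so the decision to send `<proceed/>` and the choice of certificate context can disagree. Assuming the session's host is the module's host here, resolving the context once keeps them tied together: `local ctx = host.ssl_ctx_in;`, then `if session.conn.starttls and ctx then` and `session.conn.set_sslctx(ctx);`. The branch taken when the guard fails lies in the collapsed lines of both handlers; if it only logs, answering with `<failure xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>` and closing the stream would match RFC 6120. It may also be worth a load-time warning when `c2s_require_encryption`, `require_encryption` or `s2s_require_encryption` is set while `host.ssl_ctx_in` is nil, since that combination leaves the host unable to negotiate TLS and the operator would otherwise only notice from failed logins or, depending on how the feature code enforces the option, from unencrypted sessions.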