
plugins/mod_tls.lua @ 2872:cdc292d201fc

mod_tls: Don't offer TLS on hosts that don't have any certs
author Matthew Wild <mwild1@gmail.com>
date Fri, 12 Feb 2010 21:33:22 +0000
parent 2854:ce8ce431c2b8
child 2877:1edeb8fe7d14
2871:5613235be64a 2872:cdc292d201fc
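--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -12,13 +12,15 @@
 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls';
 
 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 local secure_s2s_only = module:get_option("s2s_require_encryption");
 
+local host = hosts[module.host];
+
 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
 function (session, stanza)
-if session.conn.starttls then
+if session.conn.starttls and host.ssl_ctx_in then
 session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
 session:reset_stream();
 if session.host and hosts[session.host].ssl_ctx_in then
 session.conn.set_sslctx(hosts[session.host].ssl_ctx_in);
 end
@@ -32,11 +34,11 @@
 end
 end);
 
 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
 function (session, stanza)
-if session.conn.starttls then
+if session.conn.starttls and host.ssl_ctx_in then
 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls }));
 session:reset_stream();
 if session.to_host and hosts[session.to_host].ssl_ctx_in then
 session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in);
 end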
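Review bot: The new guard on new lines 21 and 39 tests `host.ssl_ctx_in`, taken from `hosts[module.host]` at load time, but the context installed a few lines later is looked up again through `hosts[session.host]` or `hosts[session.to_host]`, so the check and the use can disagree. When `session.to_host` is unset, for example, `proceed` is still sent and `set_sslctx` is skipped, so the handshake would run on whatever context the connection already carries. Installing the value that was checked, `session.conn.set_sslctx(host.ssl_ctx_in);`, keeps the two in step, assuming these per-host handlers only ever serve `module.host`. Lines 27–33 of the first handler are not shown and the second handler continues past the visible context, so it is unclear whether a refused request gets a failure reply or a log entry. A logged warning when the host has no certificate would keep a missing cert from silently becoming a plaintext-only host, which matters most when `c2s_require_encryption` or `s2s_require_encryption` is set.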