plugins/mod_c2s.lua @ 13280:cf8a6710c91c
mod_c2s: Add session.ssl_cfg/ssl_ctx for direct TLS connections
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 07 Sep 2022 11:29:00 +0100 |
| parent | 13230:26c30844cac6 |
| child | 13289:38c95544b7ee |
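--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -9,13 +9,15 @@
 module:set_global();
 
 local add_task = require "prosody.util.timer".add_task;
 local new_xmpp_stream = require "prosody.util.xmppstream".new;
 local nameprep = require "prosody.util.encodings".stringprep.nameprep;
+local certmanager = require "prosody.core.certmanager";
 local sessionmanager = require "prosody.core.sessionmanager";
 local statsmanager = require "prosody.core.statsmanager";
 local st = require "prosody.util.stanza";
+local pm_get_tls_config_at = require "core.portmanager".get_tls_config_at;
 local sm_new_session, sm_destroy_session = sessionmanager.new_session, sessionmanager.destroy_session;
 local uuid_generate = require "prosody.util.uuid".generate;
 local async = require "prosody.util.async";
 local runner = async.runner;
 
@@ -306,10 +308,16 @@
 -- Client is using Direct TLS or legacy SSL (otherwise mod_tls sets this flag)
 if conn:ssl() then
 session.secure = true;
 session.encrypted = true;
 
+local server = conn:server();
+local tls_config = pm_get_tls_config_at(server:ip(), server:serverport());
+local autocert = certmanager.find_host_cert(session.conn:socket():getsniname());
+session.ssl_cfg = autocert or tls_config;
+session.ssl_ctx = conn:sslctx();
+
 -- Check if TLS compression is used
 local info = conn:ssl_info();
 if type(info) == "table" then
 (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher);
 session.compressed = info.compression;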
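Review bot: The SNI name passed to `certmanager.find_host_cert()` at new line 315 comes straight from the client's handshake with no nil or capability check, so a Direct TLS client that sends no SNI, or a socket object lacking `getsniname`, either reaches the lookup with nil or raises inside the connection handler (how `find_host_cert` treats nil is not visible here). A guard keeps the fallback explicit: `local sock = conn:socket(); local sni = sock.getsniname and sock:getsniname();` followed by `local autocert = sni and certmanager.find_host_cert(sni);`. Because the name is client-chosen and unauthenticated, `session.ssl_cfg` may describe a different certificate than the one behind `session.ssl_ctx`, so a comment such as `-- ssl_cfg is a best-effort lookup keyed on client-supplied SNI; do not treat it as the verified served certificate` would help later consumers of these fields. Separately, the require added in the first hunk uses `"core.portmanager"` while every neighbouring require is `prosody.`-prefixed; unless a compatibility loader aliases the two names this may load a second copy of portmanager with its own state, and `"prosody.core.portmanager"` looks intended. The enclosing function starts and ends outside the hunk.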