prosody
d022cb4486bd
plugins/mod_tls.lua
Software / code / prosody
Comparison
plugins/mod_tls.lua @ 6722:d022cb4486bd
Merge 0.10->trunk
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 19 May 2015 09:31:12 +0100 |
| parent | 6710:d062314446f6 |
| child | 6832:9566a15d3e59 |
comparison
equal
deleted
inserted
replaced
| 6705:c269ab6ab98a | 6722:d022cb4486bd |
|---|---|
| 19 s2s_require_encryption = true; | 19 s2s_require_encryption = true; |
| 20 end | 20 end |
| 21 | 21 |
| 22 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; | 22 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
| 23 local starttls_attr = { xmlns = xmlns_starttls }; | 23 local starttls_attr = { xmlns = xmlns_starttls }; |
| 24 local starttls_initiate= st.stanza("starttls", starttls_attr); | |
| 24 local starttls_proceed = st.stanza("proceed", starttls_attr); | 25 local starttls_proceed = st.stanza("proceed", starttls_attr); |
| 25 local starttls_failure = st.stanza("failure", starttls_attr); | 26 local starttls_failure = st.stanza("failure", starttls_attr); |
| 26 local c2s_feature = st.stanza("starttls", starttls_attr); | 27 local c2s_feature = st.stanza("starttls", starttls_attr); |
| 27 local s2s_feature = st.stanza("starttls", starttls_attr); | 28 local s2s_feature = st.stanza("starttls", starttls_attr); |
| 28 if c2s_require_encryption then c2s_feature:tag("required"):up(); end | 29 if c2s_require_encryption then c2s_feature:tag("required"):up(); end |
| 58 ssl_ctx_s2sin, err, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections | 59 ssl_ctx_s2sin, err, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections |
| 59 if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err); end | 60 if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err); end |
| 60 end | 61 end |
| 61 | 62 |
| 62 local function can_do_tls(session) | 63 local function can_do_tls(session) |
| 63 if not session.conn.starttls then | 64 if session.ssl_ctx == false or not session.conn.starttls then |
| 64 return false; | 65 return false; |
| 65 elseif session.ssl_ctx then | 66 elseif session.ssl_ctx then |
| 66 return true; | 67 return true; |
| 67 end | 68 end |
| 68 if session.type == "c2s_unauthed" then | 69 if session.type == "c2s_unauthed" then |
| 114 -- For s2sout connections, start TLS if we can | 115 -- For s2sout connections, start TLS if we can |
| 115 module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) | 116 module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) |
| 116 module:log("debug", "Received features element"); | 117 module:log("debug", "Received features element"); |
| 117 if can_do_tls(session) and stanza:get_child("starttls", xmlns_starttls) then | 118 if can_do_tls(session) and stanza:get_child("starttls", xmlns_starttls) then |
| 118 module:log("debug", "%s is offering TLS, taking up the offer...", session.to_host); | 119 module:log("debug", "%s is offering TLS, taking up the offer...", session.to_host); |
| 119 session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); | 120 session.sends2s(starttls_initiate); |
| 120 return true; | 121 return true; |
| 121 end | 122 end |
| 122 end, 500); | 123 end, 500); |
| 123 | 124 |
| 124 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) | 125 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) |
