prosody
e2155e2703dd
plugins/mod_s2s.lua
Software / code / prosody
Comparison
plugins/mod_s2s.lua @ 11772:e2155e2703dd
mod_s2s: Factor out procedure for newly encrypted sessions
Goal is to call this if the connection is using Direct TLS, either via
multiplexing or a future Direct TLS S2S port.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 10 Aug 2021 20:51:31 +0200 |
| parent | 11770:d2a9aa1c7ac8 |
| child | 11773:c5f2b63cf6ff |
comparison
equal
deleted
inserted
replaced
| 11771:4c0802b52673 | 11772:e2155e2703dd |
|---|---|
| 377 return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert }); | 377 return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert }); |
| 378 end | 378 end |
| 379 | 379 |
| 380 --- XMPP stream event handlers | 380 --- XMPP stream event handlers |
| 381 | 381 |
| 382 local function session_secure(session) | |
| 383 session.secure = true; | |
| 384 session.encrypted = true; | |
| 385 | |
| 386 local sock = session.conn:socket(); | |
| 387 local info = sock.info and sock:info(); | |
| 388 if type(info) == "table" then | |
| 389 (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher); | |
| 390 session.compressed = info.compression; | |
| 391 m_tls_params:with_labels(info.protocol, info.cipher):add(1) | |
| 392 else | |
| 393 (session.log or log)("info", "Stream encrypted"); | |
| 394 end | |
| 395 end | |
| 396 | |
| 382 local stream_callbacks = { default_ns = "jabber:server" }; | 397 local stream_callbacks = { default_ns = "jabber:server" }; |
| 383 | 398 |
| 384 function stream_callbacks.handlestanza(session, stanza) | 399 function stream_callbacks.handlestanza(session, stanza) |
| 385 stanza = session.filter("stanzas/in", stanza); | 400 stanza = session.filter("stanzas/in", stanza); |
| 386 session.thread:run(stanza); | 401 session.thread:run(stanza); |
| 397 session.version = tonumber(attr.version) or 0; | 412 session.version = tonumber(attr.version) or 0; |
| 398 session.had_stream = true; -- Had a stream opened at least once | 413 session.had_stream = true; -- Had a stream opened at least once |
| 399 | 414 |
| 400 -- TODO: Rename session.secure to session.encrypted | 415 -- TODO: Rename session.secure to session.encrypted |
| 401 if session.secure == false then | 416 if session.secure == false then |
| 402 session.secure = true; | 417 session_secure(session); |
| 403 session.encrypted = true; | |
| 404 | |
| 405 local sock = session.conn:socket(); | |
| 406 local info = sock.info and sock:info(); | |
| 407 if type(info) == "table" then | |
| 408 (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher); | |
| 409 session.compressed = info.compression; | |
| 410 m_tls_params:with_labels(info.protocol, info.cipher):add(1) | |
| 411 else | |
| 412 (session.log or log)("info", "Stream encrypted"); | |
| 413 end | |
| 414 end | 418 end |
| 415 | 419 |
| 416 if session.direction == "incoming" then | 420 if session.direction == "incoming" then |
| 417 -- Send a reply stream header | 421 -- Send a reply stream header |
| 418 | 422 |
