prosody
e68ff49fa79b
plugins/mod_tls.lua
Software / code / prosody
Comparison
plugins/mod_tls.lua @ 2933:e68ff49fa79b
Merge 0.6->0.7
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 24 Mar 2010 22:34:59 +0000 |
| parent | 2925:692b3c6c5bd2 |
| parent | 2932:d2816fb6c7ea |
| child | 3397:f376f0bd1d1f |
comparison
equal
deleted
inserted
replaced
| 2931:de4daf300f19 | 2933:e68ff49fa79b |
|---|---|
| 8 | 8 |
| 9 local st = require "util.stanza"; | 9 local st = require "util.stanza"; |
| 10 | 10 |
| 11 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | 11 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
| 12 local secure_s2s_only = module:get_option("s2s_require_encryption"); | 12 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
| 13 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; | |
| 13 | 14 |
| 14 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; | 15 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
| 15 local starttls_attr = { xmlns = xmlns_starttls }; | 16 local starttls_attr = { xmlns = xmlns_starttls }; |
| 16 local starttls_proceed = st.stanza("proceed", starttls_attr); | 17 local starttls_proceed = st.stanza("proceed", starttls_attr); |
| 17 local starttls_failure = st.stanza("failure", starttls_attr); | 18 local starttls_failure = st.stanza("failure", starttls_attr); |
| 25 local host = hosts[module.host]; | 26 local host = hosts[module.host]; |
| 26 | 27 |
| 27 local function can_do_tls(session) | 28 local function can_do_tls(session) |
| 28 if session.type == "c2s_unauthed" then | 29 if session.type == "c2s_unauthed" then |
| 29 return session.conn.starttls and host.ssl_ctx_in; | 30 return session.conn.starttls and host.ssl_ctx_in; |
| 30 elseif session.type == "s2sin_unauthed" then | 31 elseif session.type == "s2sin_unauthed" and allow_s2s_tls then |
| 31 return session.conn.starttls and host.ssl_ctx_in; | 32 return session.conn.starttls and host.ssl_ctx_in; |
| 32 elseif session.direction == "outgoing" then | 33 elseif session.direction == "outgoing" and allow_s2s_tls then |
| 33 return session.conn.starttls and host.ssl_ctx; | 34 return session.conn.starttls and host.ssl_ctx; |
| 34 end | 35 end |
| 35 return false; | 36 return false; |
| 36 end | 37 end |
| 37 | 38 |
