prosody
ef11b8bab405
plugins/mod_tls.lua
Software / code / prosody
Comparison
plugins/mod_tls.lua @ 5993:ef11b8bab405
Merge 0.9->0.10
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 18 Jan 2014 18:46:12 +0000 |
| parent | 5978:d21ea6001bba |
| parent | 5988:177f233b5211 |
| child | 6296:66fb7b7c668d |
comparison
equal
deleted
inserted
replaced
| 5985:98ed9fe368ac | 5993:ef11b8bab405 |
|---|---|
| 8 | 8 |
| 9 local config = require "core.configmanager"; | 9 local config = require "core.configmanager"; |
| 10 local create_context = require "core.certmanager".create_context; | 10 local create_context = require "core.certmanager".create_context; |
| 11 local st = require "util.stanza"; | 11 local st = require "util.stanza"; |
| 12 | 12 |
| 13 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | 13 local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
| 14 local secure_s2s_only = module:get_option("s2s_require_encryption"); | 14 local s2s_require_encryption = module:get_option("s2s_require_encryption"); |
| 15 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; | 15 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; |
| 16 local s2s_secure_auth = module:get_option("s2s_secure_auth"); | |
| 17 | |
| 18 if s2s_secure_auth and s2s_require_encryption == false then | |
| 19 module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false"); | |
| 20 s2s_require_encryption = true; | |
| 21 end | |
| 16 | 22 |
| 17 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; | 23 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
| 18 local starttls_attr = { xmlns = xmlns_starttls }; | 24 local starttls_attr = { xmlns = xmlns_starttls }; |
| 19 local starttls_proceed = st.stanza("proceed", starttls_attr); | 25 local starttls_proceed = st.stanza("proceed", starttls_attr); |
| 20 local starttls_failure = st.stanza("failure", starttls_attr); | 26 local starttls_failure = st.stanza("failure", starttls_attr); |
| 21 local c2s_feature = st.stanza("starttls", starttls_attr); | 27 local c2s_feature = st.stanza("starttls", starttls_attr); |
| 22 local s2s_feature = st.stanza("starttls", starttls_attr); | 28 local s2s_feature = st.stanza("starttls", starttls_attr); |
| 23 if secure_auth_only then c2s_feature:tag("required"):up(); end | 29 if c2s_require_encryption then c2s_feature:tag("required"):up(); end |
| 24 if secure_s2s_only then s2s_feature:tag("required"):up(); end | 30 if s2s_require_encryption then s2s_feature:tag("required"):up(); end |
| 25 | 31 |
| 26 local hosts = prosody.hosts; | 32 local hosts = prosody.hosts; |
| 27 local host = hosts[module.host]; | 33 local host = hosts[module.host]; |
| 28 | 34 |
| 29 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin; | 35 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin; |
