prosody
07a6f5f9d4be
plugins/mod_tls.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

plugins/mod_tls.lua @ 2654:07a6f5f9d4be

mod_tls: Only negotiate TLS on outgoing s2s connections if we have an SSL context (thanks Flo...)
author Matthew Wild <mwild1@gmail.com>
date Tue, 16 Feb 2010 17:15:43 +0000
parent 2636:d2805ad5b736
child 2925:692b3c6c5bd2
line wrap: on
line diff
--- a/plugins/mod_tls.lua	Tue Feb 16 15:05:18 2010 +0000
+++ b/plugins/mod_tls.lua	Tue Feb 16 17:15:43 2010 +0000
@@ -29,6 +29,8 @@
 		return session.conn.starttls and host.ssl_ctx_in;
 	elseif session.type == "s2sin_unauthed" then
 		return session.conn.starttls and host.ssl_ctx_in;
+	elseif session.direction == "outgoing" then
+		return session.conn.starttls and host.ssl_ctx;
 	end
 	return false;
 end
@@ -69,7 +71,7 @@
 -- For s2sout connections, start TLS if we can
 module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza)
 	module:log("debug", "Received features element");
-	if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then
+	if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then
 		module:log("%s is offering TLS, taking up the offer...", session.to_host);
 		session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>");
 		return true;