prosody
1edeb8fe7d14
plugins/mod_tls.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

plugins/mod_tls.lua @ 2877:1edeb8fe7d14

Merge 0.6.2/waqas with 0.6.2/MattJ
author Matthew Wild <mwild1@gmail.com>
date Wed, 03 Mar 2010 22:05:05 +0000
parent 2802:ded1c649484a
parent 2872:cdc292d201fc
child 2923:b7049746bd29
line wrap: on
line diff
--- a/plugins/mod_tls.lua	Fri Feb 19 03:30:27 2010 +0000
+++ b/plugins/mod_tls.lua	Wed Mar 03 22:05:05 2010 +0000
@@ -14,9 +14,11 @@
 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 local secure_s2s_only = module:get_option("s2s_require_encryption");
 
+local host = hosts[module.host];
+
 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
 		function (session, stanza)
-			if session.conn.starttls then
+			if session.conn.starttls and host.ssl_ctx_in then
 				session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
 				session:reset_stream();
 				if session.host and hosts[session.host].ssl_ctx_in then
@@ -26,14 +28,15 @@
 				session.log("info", "TLS negotiation started...");
 				session.secure = false;
 			else
-				-- FIXME: What reply?
 				session.log("warn", "Attempt to start TLS, but TLS is not available on this connection");
+				(session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls }));
+				session:close();
 			end
 		end);
 		
 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
 		function (session, stanza)
-			if session.conn.starttls then
+			if session.conn.starttls and host.ssl_ctx_in then
 				session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls }));
 				session:reset_stream();
 				if session.to_host and hosts[session.to_host].ssl_ctx_in then
@@ -43,8 +46,9 @@
 				session.log("info", "TLS negotiation started for incoming s2s...");
 				session.secure = false;
 			else
-				-- FIXME: What reply?
 				session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection");
+				(session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls }));
+				session:close();
 			end
 		end);
 
@@ -66,7 +70,7 @@
 		function (data)
 			local session, features = data.session, data.features;
 			if session.to_host and session.conn.starttls then
-				features:tag("starttls", starttls_attr):up();
+				features:tag("starttls", starttls_attr);
 				if secure_s2s_only then
 					features:tag("required"):up():up();
 				else