mod_tls: Record STARTTLS state so it can be shown in Shell This field can be viewed using s2s:show(nil, "... starttls") even without any special support in mod_admin_shell, which can be added later to make it nicer. One can then assume that a TLS connection with an empty / nil starttls field means Direct TLS.

author: Kim Alvefur <zash@zash.se>
date: Tue, 02 Aug 2022 19:26:26 +0200
parent: 12484:fb65b5a033b2
child: 12977:74b9e05af71e
--- a/plugins/mod_tls.lua	Tue Aug 02 16:08:43 2022 +0200
+++ b/plugins/mod_tls.lua	Tue Aug 02 19:26:26 2022 +0200
@@ -128,6 +128,7 @@
 -- Hook <starttls/>
 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
 	local origin = event.origin;
+	origin.starttls = "requested";
 	if can_do_tls(origin) then
 		if origin.conn.block_reads then
 			-- we need to ensure that no data is read anymore, otherwise we could end up in a situation where
@@ -176,6 +177,7 @@
 			module:log("debug", "%s is not offering TLS", session.to_host);
 			return;
 		end
+		session.starttls = "initiated";
 		session.sends2s(starttls_initiate);
 		return true;
 	end
@@ -193,6 +195,7 @@
 	if session.type == "s2sout_unauthed" and can_do_tls(session) then
 		module:log("debug", "Proceeding with TLS on s2sout...");
 		session:reset_stream();
+		session.starttls = "proceeding"
 		session.conn:starttls(session.ssl_ctx, session.to_host);
 		session.secure = false;
 		return true;