Diff

plugins/mod_tls.lua @ 7833:94c0c8649826

mod_tls: Only accept <proceed> on outgoing s2s connections
author Kim Alvefur <zash@zash.se>
date Mon, 23 Jan 2017 10:45:20 +0100
parent 7712:0d93dfc2fbfd
child 7834:a2081d28bd22
--- a/plugins/mod_tls.lua	Sun Jan 22 09:55:52 2017 +0100
+++ b/plugins/mod_tls.lua	Mon Jan 23 10:45:20 2017 +0100
@@ -124,9 +124,11 @@
 end, 500);
 
 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
-	module:log("debug", "Proceeding with TLS on s2sout...");
-	session:reset_stream();
-	session.conn:starttls(session.ssl_ctx);
-	session.secure = false;
-	return true;
+	if session.type == "s2sout_unauthed" then
+		module:log("debug", "Proceeding with TLS on s2sout...");
+		session:reset_stream();
+		session.conn:starttls(session.ssl_ctx);
+		session.secure = false;
+		return true;
+	end
 end);
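Review bot: The new guard on `session.type == "s2sout_unauthed"` still accepts a `<proceed/>` that this side never asked for. Nothing in the handler checks that we sent `<starttls/>`, or that `session.ssl_ctx` is set before `session.conn:starttls(session.ssl_ctx)` runs; whether an earlier hook guarantees either is not visible in this hunk. Consider tightening the condition to `if session.type == "s2sout_unauthed" and session.ssl_ctx then`. The rejected case also falls off the end of the handler without a trace, so a line such as `module:log("debug", "Ignoring unexpected <proceed/> on %s session", tostring(session.type));` after the `if` block would make stray proceeds visible in the logs.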