Software /
code /
prosody
Diff
plugins/mod_tls.lua @ 7833:94c0c8649826
mod_tls: Only accept <proceed> on outgoing s2s connections
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 23 Jan 2017 10:45:20 +0100 |
parent | 7712:0d93dfc2fbfd |
child | 7834:a2081d28bd22 |
line wrap: on
line diff
--- a/plugins/mod_tls.lua Sun Jan 22 09:55:52 2017 +0100 +++ b/plugins/mod_tls.lua Mon Jan 23 10:45:20 2017 +0100 @@ -124,9 +124,11 @@ end, 500); module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza - module:log("debug", "Proceeding with TLS on s2sout..."); - session:reset_stream(); - session.conn:starttls(session.ssl_ctx); - session.secure = false; - return true; + if session.type == "s2sout_unauthed" then + module:log("debug", "Proceeding with TLS on s2sout..."); + session:reset_stream(); + session.conn:starttls(session.ssl_ctx); + session.secure = false; + return true; + end end);