mod_tls: Don't advertise TLS after authentication.

author: Waqas Hussain <waqas20@gmail.com>
date: Wed, 10 Feb 2010 01:36:22 +0500
parent: 2544:b68cbc664d18
child: 2594:ab52fdd9f5d0
--- a/plugins/mod_tls.lua	Wed Feb 10 00:46:04 2010 +0500
+++ b/plugins/mod_tls.lua	Wed Feb 10 01:36:22 2010 +0500
@@ -50,7 +50,7 @@
 local starttls_attr = { xmlns = xmlns_starttls };
 module:add_event_hook("stream-features", 
 		function (session, features)
-			if session.conn.starttls then
+			if not session.username and session.conn.starttls then
 				features:tag("starttls", starttls_attr);
 				if secure_auth_only then
 					features:tag("required"):up():up();
@@ -63,7 +63,7 @@
 module:hook("s2s-stream-features", 
 		function (data)
 			local session, features = data.session, data.features;
-			if session.to_host and session.conn.starttls then
+			if session.to_host and session.type ~= "s2sin" and session.conn.starttls then
 				features:tag("starttls", starttls_attr):up();
 				if secure_s2s_only then
 					features:tag("required"):up():up();
author	Waqas Hussain <waqas20@gmail.com>
date	Wed, 10 Feb 2010 01:36:22 +0500
parent	2544:b68cbc664d18
child	2594:ab52fdd9f5d0