prosody
8b68e8faab52
plugins/mod_s2s_bidi.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

plugins/mod_s2s_bidi.lua @ 13503:8b68e8faab52

core.certmanager: Include ffdhe2048 from RFC 7919 as default DH param This removes one manual (yet undocumented) step that was supposed to be done to get a complete 'intermediate' configuration. This file can be found on the Internet by searching for "ffdhe2048" and can be verified by comparing the hexadecimal representation of p from the RFC with the output of `openssl asn1parse`. Given the preference and prevalence of ECDHE, it seems likely that few would have noticed this.
author Kim Alvefur <zash@zash.se>
date Fri, 12 Jul 2024 15:06:42 +0200
parent 12977:74b9e05af71e
child 13507:4fb6a3eb9c29
line wrap: on
line source

-- Prosody IM
-- Copyright (C) 2019 Kim Alvefur
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--

local st = require "prosody.util.stanza";

local xmlns_bidi_feature = "urn:xmpp:features:bidi"
local xmlns_bidi = "urn:xmpp:bidi";

local require_encryption = module:get_option_boolean("s2s_require_encryption", true);

module:hook("s2s-stream-features", function(event)
	local origin, features = event.origin, event.features;
	if origin.type == "s2sin_unauthed" and (not require_encryption or origin.secure) then
		features:tag("bidi", { xmlns = xmlns_bidi_feature }):up();
	end
end);

module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza)
	if session.type == "s2sout_unauthed" and (not require_encryption or session.secure) then
		local bidi = stanza:get_child("bidi", xmlns_bidi_feature);
		if bidi then
			session.incoming = true;
			session.log("debug", "Requesting bidirectional stream");
			local request_bidi = st.stanza("bidi", { xmlns = xmlns_bidi });
			module:fire_event("s2sout-stream-features", { origin = session, features = request_bidi });
			session.sends2s(request_bidi);
		end
	end
end, 200);

module:hook_tag("urn:xmpp:bidi", "bidi", function(session)
	if session.type == "s2sin_unauthed" and (not require_encryption or session.secure) then
		session.log("debug", "Requested bidirectional stream");
		session.outgoing = true;
		return true;
	end
end);