# HG changeset patch
# User Kim Alvefur
# Date 1633456596 -7200
# Node ID 19b50ce9ef5ab4b93d524ede7b8a67aee93ad923
# Parent 442eac4e7399833b5c31962d6b63a5c064477c27
net.server_epoll: Prevent starttls on direct TLS connections This is not a pretty way to signal this... but it is the current API interface:inittls() is a new code path which did not go past the point in interface:starttls() where it set starttls to false, leading mod_tls to offer starttls on direct TLS connections Thanks Martin for discovering.
diff -r 442eac4e7399 -r 19b50ce9ef5a net/server_epoll.lua
--- a/net/server_epoll.lua Tue Oct 05 18:34:38 2021 +0200
+++ b/net/server_epoll.lua Tue Oct 05 19:56:36 2021 +0200
@@ -634,6 +634,7 @@
 if self._tls then return end
 if tls_ctx then self.tls_ctx = tls_ctx; end
 self._tls = true;
+ self.starttls = false;
 self:debug("Starting TLS now");
 self:updatenames(); -- Can't getpeer/sockname after wrap()
 local ok, conn, err = pcall(luasec.wrap, self.conn, self.tls_ctx);
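Review bot: The added `self.starttls = false;` shadows the `interface:starttls()` method named in the description with a boolean that acts as a flag, and nothing on the line says so. A comment there would keep a later cleanup from dropping the assignment and letting STARTTLS be offered again on a connection that is already TLS, for example `-- starttls doubles as a capability flag: false tells mod_tls not to offer STARTTLS here`. The flag is also cleared before the result of `pcall(luasec.wrap, ...)` is known. The failure path is outside the hunk, so it is worth confirming that a failed wrap closes the connection rather than leaving it unencrypted with `_tls` set and `starttls` disabled. The enclosing function starts and ends outside the hunk.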