# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1488042510 -3600
# Node ID 1ea3a8dc7dd59be66d7a9574af687b7077731ab7
# Parent  e3d3ebd417f476e96bd04822ef226e3233f4b48d# Parent  72b6d5ab4137f87e91c23b639b13351f7c41575f
Merge 0.9->0.10

diff -r e3d3ebd417f4 -r 1ea3a8dc7dd5 plugins/mod_register.lua
--- a/plugins/mod_register.lua	Sat Feb 25 17:57:22 2017 +0100
+++ b/plugins/mod_register.lua	Sat Feb 25 18:08:30 2017 +0100
@@ -21,6 +21,7 @@
 local compat = module:get_option_boolean("registration_compat", true);
 local allow_registration = module:get_option_boolean("allow_registration", false);
 local additional_fields = module:get_option("additional_registration_fields", {});
+local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 
 local account_details = module:open_store("account_details");
 
@@ -83,7 +84,7 @@
 	local session, features = event.origin, event.features;
 
 	-- Advertise registration to unauthorized clients only.
-	if not(allow_registration) or session.type ~= "c2s_unauthed" then
+	if not(allow_registration) or session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then
 		return
 	end
 
@@ -213,6 +214,8 @@
 	if not(allow_registration) or session.type ~= "c2s_unauthed" then
 		log("debug", "Attempted registration when disabled or already authenticated");
 		session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
+	elseif require_encryption and not session.secure then
+		session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required"));
 	else
 		local query = stanza.tags[1];
 		if stanza.attr.type == "get" then