# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1254661605 -3600
# Node ID 334383faf77ba436d99f1492c2819895a4bea16a
# Parent  262ea889016f44d2a35bc9be5379db4b9775b9ee
mod_tls: Advertise and handle TLS for s2s connections

diff -r 262ea889016f -r 334383faf77b plugins/mod_tls.lua
--- a/plugins/mod_tls.lua	Sun Oct 04 14:03:08 2009 +0100
+++ b/plugins/mod_tls.lua	Sun Oct 04 14:06:45 2009 +0100
@@ -8,7 +8,8 @@
 local st = require "util.stanza";
-local xmlns_starttls ='urn:ietf:params:xml:ns:xmpp-tls';
+local xmlns_stream = 'http://etherx.jabber.org/streams';
+local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls';
 local secure_auth_only = module:get_option("require_encryption");
@@ -26,6 +27,20 @@
+module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
+		function (session, stanza)
+			if session.conn.starttls then
+				session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls }));
+				session:reset_stream();
+				session.conn.starttls();
+				session.log("info", "TLS negotiation started for incoming s2s...");
+			else
+				-- FIXME: What reply?
+				session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection");
+			end
+		end);
 local starttls_attr = { xmlns = xmlns_starttls };
 		function (session, features)
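Review bot: The else branch marked `FIXME: What reply?` sends nothing back, so a peer that asked for STARTTLS on a connection where it is unavailable is left waiting on an open, unencrypted stream. The TLS negotiation in XMPP answers a refused STARTTLS with a `failure` element in the starttls namespace and then closes the stream, so the reply should be `session.sends2s(st.stanza("failure", { xmlns = xmlns_starttls }));` followed by closing the session. The handler also does not check whether TLS has already been negotiated on this session before calling `session.conn.starttls()` again; whether the session carries such a marker is not visible in this hunk, but a repeated `<starttls/>` should be rejected rather than re-run.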
@@ -38,3 +53,30 @@
+		function (session, features)												
+			if session.conn.starttls then
+				--features:tag("starttls", starttls_attr):up();
+			end
+		end);
+-- For s2sout connections, start TLS if we can
+module:hook_stanza(xmlns_stream, "features",
+		function (session, stanza)
+			module:log("debug", "Received features element");
+			if stanza:child_with_ns(xmlns_starttls) then
+				module:log("%s is offering TLS, taking up the offer...", session.to_host);
+				session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>");
+				return true;
+			end
+		end, 500);
+module:hook_stanza(xmlns_starttls, "proceed",
+		function (session, stanza)
+			module:log("debug", "Proceeding with TLS on s2sout...");
+			local format, to_host, from_host = string.format, session.to_host, session.from_host;
+			session:reset_stream();
+			session.conn.starttls(true);
+			return true;
+		end);
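Review bot: The log call inside the `stanza:child_with_ns(xmlns_starttls)` branch is missing its level argument: every other `module:log` call in this hunk passes the level first, so here the format string is taken as the level and `session.to_host` becomes the message, and the `%s` is never substituted. It should read `module:log("debug", "%s is offering TLS, taking up the offer...", session.to_host);`. In the proceed handler the locals `format, to_host, from_host` are never used and can be dropped. With the `features:tag("starttls", starttls_attr):up()` line still commented out, incoming s2s peers are not actually offered TLS despite the commit title, so either enable it or add a comment saying why it is disabled. The features hook only acts when TLS is offered; when `secure_auth_only` (from `require_encryption`) is set and the peer offers no starttls, nothing in this hunk refuses the connection, so unless that is enforced elsewhere the s2sout session continues in the clear.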