# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1485164720 -3600
# Node ID 94c0c864982626e4b4f9f9604af5c59a0ab03b51
# Parent  d02ef0ae94af8b31976fc195a80fe5817fdf331a
mod_tls: Only accept <proceed> on outgoing s2s connections

diff -r d02ef0ae94af -r 94c0c8649826 plugins/mod_tls.lua
--- a/plugins/mod_tls.lua	Sun Jan 22 09:55:52 2017 +0100
+++ b/plugins/mod_tls.lua	Mon Jan 23 10:45:20 2017 +0100
@@ -124,9 +124,11 @@
 end, 500);
 
 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
-	module:log("debug", "Proceeding with TLS on s2sout...");
-	session:reset_stream();
-	session.conn:starttls(session.ssl_ctx);
-	session.secure = false;
-	return true;
+	if session.type == "s2sout_unauthed" then
+		module:log("debug", "Proceeding with TLS on s2sout...");
+		session:reset_stream();
+		session.conn:starttls(session.ssl_ctx);
+		session.secure = false;
+		return true;
+	end
 end);