# HG changeset patch
# User Jonas Schäfer <jonas@wielicki.name>
# Date 1631906310 -7200
# Node ID b193f8a2737edccf4fb3249e8413ae9f09bf5211
# Parent  2ee27587fec7465d86275759d652529a4d2f71ac
mod_tls: Do not offer TLS if the connection is considered secure

This may be necessary if the session.conn object is not exchanged by the
network backend when establishing TLS. In that case, the starttls method
will always exist and thus that is not a good indicator for offering
TLS.

However, the secure bit already tells us that TLS has been established
or is not to be established on the connection, so we use that instead.

diff -r 2ee27587fec7 -r b193f8a2737e plugins/mod_tls.lua
--- a/plugins/mod_tls.lua	Sat Apr 02 11:15:33 2022 +0200
+++ b/plugins/mod_tls.lua	Fri Sep 17 21:18:30 2021 +0200
@@ -80,6 +80,9 @@
 module:hook_global("config-reloaded", module.load);
 
 local function can_do_tls(session)
+	if session.secure then
+		return false;
+	end
 	if session.conn and not session.conn.starttls then
 		if not session.secure then
 			session.log("debug", "Underlying connection does not support STARTTLS");