# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1443118519 -7200
# Node ID c314e9142e9d4fc71aae33e1180ac84ad193ab91
# Parent  161cccfdf0159e8df671a6fa9b878f8d7000474c# Parent  7eb166fa1f26019a89b19673a1e7db09f0ebac8f
Merge 0.10->trunk

diff -r 161cccfdf015 -r c314e9142e9d plugins/mod_c2s.lua
--- a/plugins/mod_c2s.lua	Tue Sep 22 01:31:52 2015 +0200
+++ b/plugins/mod_c2s.lua	Thu Sep 24 20:15:19 2015 +0200
@@ -83,7 +83,12 @@
 
 	local features = st.stanza("stream:features");
 	hosts[session.host].events.fire_event("stream-features", { origin = session, features = features });
-	send(features);
+	if features.tags[1] or session.full_jid then
+		send(features);
+	else
+		(session.log or log)("warn", "No features to offer");
+		session:close{ condition = "undefined-condition", text = "No features to proceed with" };
+	end
 end
 
 function stream_callbacks.streamclosed(session)
diff -r 161cccfdf015 -r c314e9142e9d plugins/mod_s2s/mod_s2s.lua
--- a/plugins/mod_s2s/mod_s2s.lua	Tue Sep 22 01:31:52 2015 +0200
+++ b/plugins/mod_s2s/mod_s2s.lua	Thu Sep 24 20:15:19 2015 +0200
@@ -354,8 +354,13 @@
 				(session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host");
 			end
 
-			log("debug", "Sending stream features: %s", tostring(features));
-			session.sends2s(features);
+			if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then
+				log("debug", "Sending stream features: %s", tostring(features));
+				session.sends2s(features);
+			else
+				(session.log or log)("warn", "No features to offer, giving up");
+				session:close({ condition = "undefined-condition", text = "No features to offer" });
+			end
 		end
 	elseif session.direction == "outgoing" then
 		session.notopen = nil;
diff -r 161cccfdf015 -r c314e9142e9d prosodyctl
--- a/prosodyctl	Tue Sep 22 01:31:52 2015 +0200
+++ b/prosodyctl	Thu Sep 24 20:15:19 2015 +0200
@@ -913,6 +913,43 @@
 			   	print("     For more information see: http://prosody.im/doc/dns");
 			end
 		end
+		local all_options = set.new();
+		for host in enabled_hosts() do
+			all_options:include(set.new(it.to_array(it.keys(config[host]))));
+		end
+		local ssl = nil, dependencies.softreq"ssl";
+		if not ssl then
+			if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then
+				print("");
+				print("    You require encryption but LuaSec is not available.");
+				print("    Connections will fail.");
+				ok = false;
+			end
+		elseif not ssl.loadcertificate then
+			if all_options:contains("s2s_secure_auth") then
+				print("");
+				print("    You have set s2s_secure_auth but your version of LuaSec does ");
+				print("    not support certificate validation, so all s2s connections will");
+				print("    fail.");
+				ok = false;
+			elseif all_options:contains("s2s_secure_domains") then
+				local secure_domains = set.new();
+				for host in enabled_hosts() do
+					if config[host].s2s_secure_auth == true then
+						secure_domains:add("*");
+					else
+						secure_domains:include(set.new(config[host].s2s_secure_domains));
+					end
+				end
+				if not secure_domains:empty() then
+					print("");
+					print("    You have set s2s_secure_domains but your version of LuaSec does ");
+					print("    not support certificate validation, so s2s connections to/from ");
+					print("    these domains will fail.");
+					ok = false;
+				end
+			end
+		end
 		
 		print("Done.\n");
 	end