Software / code / prosody
Changeset
2654:07a6f5f9d4be
mod_tls: Only negotiate TLS on outgoing s2s connections if we have an SSL context (thanks Flo...)
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 16 Feb 2010 17:15:43 +0000 |
| parents | 2652:cbc58fc170ad |
| children | 2655:42a6e4d09b09 2656:9fab59009397 |
| files | plugins/mod_tls.lua |
| diffstat | 1 files changed, 3 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_tls.lua Tue Feb 16 15:05:18 2010 +0000 +++ b/plugins/mod_tls.lua Tue Feb 16 17:15:43 2010 +0000 @@ -29,6 +29,8 @@ return session.conn.starttls and host.ssl_ctx_in; elseif session.type == "s2sin_unauthed" then return session.conn.starttls and host.ssl_ctx_in; + elseif session.direction == "outgoing" then + return session.conn.starttls and host.ssl_ctx; end return false; end @@ -69,7 +71,7 @@ -- For s2sout connections, start TLS if we can module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) module:log("debug", "Received features element"); - if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then + if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then module:log("%s is offering TLS, taking up the offer...", session.to_host); session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); return true;
