Changeset

11839:19b50ce9ef5a

net.server_epoll: Prevent starttls on direct TLS connections

This is not a pretty way to signal this... but it is the current API.

interface:inittls() is a new code path which did not go past the point in interface:starttls() where it set starttls to false, leading mod_tls to offer starttls on direct TLS connections.

Thanks Martin for discovering.

author Kim Alvefur <zash@zash.se>
date Tue, 05 Oct 2021 19:56:36 +0200
parents 11838:442eac4e7399
children 11840:5e9e75c277a2
files net/server_epoll.lua
diffstat 1 files changed, 1 insertions(+), 0 deletions(-)
--- a/net/server_epoll.lua	Tue Oct 05 18:34:38 2021 +0200
+++ b/net/server_epoll.lua	Tue Oct 05 19:56:36 2021 +0200
@@ -634,6 +634,7 @@
 	if self._tls then return end
 	if tls_ctx then self.tls_ctx = tls_ctx; end
 	self._tls = true;
+	self.starttls = false;
 	self:debug("Starting TLS now");
 	self:updatenames(); -- Can't getpeer/sockname after wrap()
 	local ok, conn, err = pcall(luasec.wrap, self.conn, self.tls_ctx);
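
Review bot: the added `self.starttls = false;` carries no comment, so at this spot it reads like a stray assignment rather than the signal to mod_tls that the commit message describes. A one-line comment there, stating that a false `starttls` field tells callers not to offer STARTTLS on a connection that is already doing TLS, would make the intent visible in the code. The field is also set before the result of `pcall(luasec.wrap, self.conn, self.tls_ctx)` is known, the same as `self._tls = true;`, so it is worth confirming that a failed wrap is meant to leave the connection with STARTTLS disabled. Because interface:starttls() sets the same value on its own path, the two assignments can drift apart again; a shared helper or a test covering the direct TLS case would guard against a repeat.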