Changeset

12207:65e252940337

mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls So that the same TLS context is used for both Direct TLS and starttls, since they are supposed to be functionally identical apart from the few extra round trips. A new event is added because the 's2s-created' event fires much later, after a connection has already been established, where we need the TLS context before that.
author Kim Alvefur <zash@zash.se>
date Fri, 21 Jan 2022 18:42:38 +0100
parents 12206:77ac0d96ac24
children 12208:3edf1a38fb15
files plugins/mod_s2s.lua plugins/mod_tls.lua
diffstat 2 files changed, 17 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_s2s.lua	Fri Jan 21 17:59:19 2022 +0100
+++ b/plugins/mod_s2s.lua	Fri Jan 21 18:42:38 2022 +0100
@@ -218,14 +218,18 @@
 	log("debug", "stanza [%s] queued until connection complete", stanza.name);
 	-- FIXME Cleaner solution to passing extra data from resolvers to net.server
 	-- This mt-clone allows resolvers to add extra data, currently used for DANE TLSA records
+	module:context(from_host):fire_event("s2sout-created", { session = host_session });
 	local xmpp_extra = setmetatable({}, s2s_service_options_mt);
-	local sslctx = require"core.certmanager".create_context(from_host, "client"); -- TODO this should live in mod_tls ?
-	local xmpps_extra = setmetatable({ default_port = false; servername = to_host; sslctx = sslctx }, s2s_service_options_mt);
-	local direct_and_normal = resolver_chain.new({
-		service.new(to_host, "xmpps-server", "tcp", xmpps_extra);
-		service.new(to_host, "xmpp-server", "tcp", xmpp_extra);
-	});
-	connect(direct_and_normal, listener, nil, { session = host_session });
+	local resolver = service.new(to_host, "xmpp-server", "tcp", xmpp_extra);
+	if host_session.ssl_ctx then
+		local sslctx = host_session.ssl_ctx;
+		local xmpps_extra = setmetatable({ default_port = false; servername = to_host; sslctx = sslctx }, s2s_service_options_mt);
+		resolver = resolver_chain.new({
+			service.new(to_host, "xmpps-server", "tcp", xmpps_extra);
+			resolver;
+		});
+	end
+	connect(resolver, listener, nil, { session = host_session });
 	m_initiated_connections:with_labels(from_host):add(1)
 	return true;
 end
--- a/plugins/mod_tls.lua	Fri Jan 21 17:59:19 2022 +0100
+++ b/plugins/mod_tls.lua	Fri Jan 21 18:42:38 2022 +0100
@@ -79,7 +79,7 @@
 module:hook_global("config-reloaded", module.load);
 
 local function can_do_tls(session)
-	if not session.conn.starttls then
+	if session.conn and not session.conn.starttls then
 		if not session.secure then
 			session.log("debug", "Underlying connection does not support STARTTLS");
 		end
@@ -116,6 +116,11 @@
 	return session.ssl_ctx;
 end
 
+module:hook("s2sout-created", function (event)
+	-- Initialize TLS context for outgoing connections
+	can_do_tls(event.session);
+end);
+
 -- Hook <starttls/>
 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
 	local origin = event.origin;