prosody
ad66ee47b674

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

5594:ad66ee47b674

mod_s2s: Fix interaction between s2s_secure_auth and s2s_require_encryption, in particular ensure that when s2s_require_encryption is NOT set, do not require encryption on s2s_insecure_domains.
author Matthew Wild <mwild1@gmail.com>
date Sat, 18 May 2013 12:02:25 +0100
parents 5577:8b09b0d068d4
children 5595:b9c836dc8f2a 5596:73fea1a87afd
files plugins/mod_s2s/mod_s2s.lua
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_s2s/mod_s2s.lua	Tue May 14 09:38:54 2013 +0100
+++ b/plugins/mod_s2s/mod_s2s.lua	Sat May 18 12:02:25 2013 +0100
@@ -37,7 +37,7 @@
 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day...
 local secure_domains, insecure_domains =
 	module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items;
-local require_encryption = module:get_option_boolean("s2s_require_encryption", secure_auth);
+local require_encryption = module:get_option_boolean("s2s_require_encryption", false);
 
 local sessions = module:shared("sessions");
 
@@ -185,7 +185,7 @@
 function make_authenticated(event)
 	local session, host = event.session, event.host;
 	if not session.secure then
-		if require_encryption or secure_auth or secure_domains[host] then
+		if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then
 			session:close({
 				condition = "policy-violation",
 				text = "Encrypted server-to-server communication is required but was not "