Software / code / prosody
Changeset
1981:ffbc57a4dea8
mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) )
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 17 Oct 2009 16:25:28 +0100 |
| parents | 1980:8fceabd84d74 |
| children | 1982:df88f048c34d |
| files | plugins/mod_tls.lua |
| diffstat | 1 files changed, 6 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_tls.lua Sat Oct 17 16:23:03 2009 +0100 +++ b/plugins/mod_tls.lua Sat Oct 17 16:25:28 2009 +0100 @@ -19,6 +19,9 @@ if session.conn.starttls then session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); session:reset_stream(); + if session.host and hosts[session.host].ssl_ctx_in then + session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); + end session.conn.starttls(); session.log("info", "TLS negotiation started..."); session.secure = false; @@ -33,6 +36,9 @@ if session.conn.starttls then session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); session:reset_stream(); + if session.to_host and hosts[session.to_host].ssl_ctx_in then + session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); + end session.conn.starttls(); session.log("info", "TLS negotiation started for incoming s2s..."); session.secure = false;
