Software / code / verse
Annotate
plugins/tls.lua @ 99:0f5a8d530fcd
verse.plugins.disco: Add disco plugin originally developed by Hubert Chathi for Riddim, but here adapted for Verse with new APIs added to allow disco'ing the local server and remote entities
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 21 Aug 2010 14:51:36 +0100 |
| parent | 67:8154b72591d5 |
| child | 197:7e98cf2c1d8d |
| rev | line source |
|---|---|
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 local xmlns_tls = "urn:ietf:params:xml:ns:xmpp-tls"; |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 function verse.plugins.tls(stream) |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local function handle_features(features_stanza) |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 if stream.authenticated then return; end |
|
63
311e61176159
verse.plugins.tls: Fail gracefully when LuaSec not loaded
Matthew Wild <mwild1@gmail.com>
parents:
61
diff
changeset
|
7 if features_stanza:get_child("starttls", xmlns_tls) and stream.conn.starttls then |
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 stream:debug("Negotiating TLS..."); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 stream:send(st.stanza("starttls", { xmlns = xmlns_tls })); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 return true; |
|
67
8154b72591d5
verse.plugins.tls: self -> stream
Matthew Wild <mwild1@gmail.com>
parents:
66
diff
changeset
|
11 elseif not stream.conn.starttls and not stream.secure then |
|
63
311e61176159
verse.plugins.tls: Fail gracefully when LuaSec not loaded
Matthew Wild <mwild1@gmail.com>
parents:
61
diff
changeset
|
12 stream:warn("SSL libary (LuaSec) not loaded, so TLS not available"); |
|
67
8154b72591d5
verse.plugins.tls: self -> stream
Matthew Wild <mwild1@gmail.com>
parents:
66
diff
changeset
|
13 elseif not stream.secure then |
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 stream:debug("Server doesn't offer TLS :("); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 local function handle_tls(tls_status) |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 if tls_status.name == "proceed" then |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 stream:debug("Server says proceed, handshake starting..."); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 stream.conn:starttls({mode="client", protocol="sslv23", options="no_sslv2"}, true); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 local function handle_status(new_status) |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 if new_status == "ssl-handshake-complete" then |
|
67
8154b72591d5
verse.plugins.tls: self -> stream
Matthew Wild <mwild1@gmail.com>
parents:
66
diff
changeset
|
25 stream.secure = true; |
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 stream:debug("Re-opening stream..."); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 stream:reopen(); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 stream:hook("stream-features", handle_features, 400); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 stream:hook("stream/"..xmlns_tls, handle_tls); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 stream:hook("status", handle_status, 400); |
|
66
cd66229bdd7f
verse.plugins.tls: Return true to indicate success loading plugin
Matthew Wild <mwild1@gmail.com>
parents:
65
diff
changeset
|
33 |
|
cd66229bdd7f
verse.plugins.tls: Return true to indicate success loading plugin
Matthew Wild <mwild1@gmail.com>
parents:
65
diff
changeset
|
34 return true; |
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 end |
