Annotate

plugins/tls.lua @ 444:12c1be0044c6

client: Send whitespace keeplives This is to prevent net.server from timing out connections.
author Kim Alvefur <zash@zash.se>
date Sun, 06 Jun 2021 16:43:36 +0200
parent 428:bde804b01f28
child 463:98fe3ed54639
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
250
a5ac643a7fd6 added local verse var to all plugins
mva <mva@mva.name>
parents: 197
diff changeset
1 local verse = require "verse";
a5ac643a7fd6 added local verse var to all plugins
mva <mva@mva.name>
parents: 197
diff changeset
2
61
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local xmlns_tls = "urn:ietf:params:xml:ns:xmpp-tls";
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 function verse.plugins.tls(stream)
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local function handle_features(features_stanza)
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 if stream.authenticated then return; end
63
311e61176159 verse.plugins.tls: Fail gracefully when LuaSec not loaded
Matthew Wild <mwild1@gmail.com>
parents: 61
diff changeset
8 if features_stanza:get_child("starttls", xmlns_tls) and stream.conn.starttls then
61
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 stream:debug("Negotiating TLS...");
197
7e98cf2c1d8d plugins.*: Use verse.stanza() & co instead of require util.stanza
Kim Alvefur <zash@zash.se>
parents: 67
diff changeset
10 stream:send(verse.stanza("starttls", { xmlns = xmlns_tls }));
61
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 return true;
67
8154b72591d5 verse.plugins.tls: self -> stream
Matthew Wild <mwild1@gmail.com>
parents: 66
diff changeset
12 elseif not stream.conn.starttls and not stream.secure then
428
bde804b01f28 Fix typos (thanks Link Mauve and codespell)
Kim Alvefur <zash@zash.se>
parents: 384
diff changeset
13 stream:warn("SSL library (LuaSec) not loaded, so TLS not available");
67
8154b72591d5 verse.plugins.tls: self -> stream
Matthew Wild <mwild1@gmail.com>
parents: 66
diff changeset
14 elseif not stream.secure then
61
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 stream:debug("Server doesn't offer TLS :(");
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 end
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 end
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 local function handle_tls(tls_status)
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 if tls_status.name == "proceed" then
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 stream:debug("Server says proceed, handshake starting...");
384
532a379acfea plugins.tls: Allow configuring TLS options at stream.ssl
Kim Alvefur <zash@zash.se>
parents: 380
diff changeset
21 stream.conn:starttls(stream.ssl or {mode="client", protocol="sslv23", options="no_sslv2",capath="/etc/ssl/certs"}, true);
61
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 end
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 end
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 local function handle_status(new_status)
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 if new_status == "ssl-handshake-complete" then
67
8154b72591d5 verse.plugins.tls: self -> stream
Matthew Wild <mwild1@gmail.com>
parents: 66
diff changeset
26 stream.secure = true;
61
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 stream:debug("Re-opening stream...");
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 stream:reopen();
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 end
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 end
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 stream:hook("stream-features", handle_features, 400);
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 stream:hook("stream/"..xmlns_tls, handle_tls);
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 stream:hook("status", handle_status, 400);
380
0891b4e27766 Discard trailing whitespace
Kim Alvefur <zash@zash.se>
parents: 250
diff changeset
34
66
cd66229bdd7f verse.plugins.tls: Return true to indicate success loading plugin
Matthew Wild <mwild1@gmail.com>
parents: 65
diff changeset
35 return true;
61
6adddfdf974b verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 end