plugins/tls.lua @ 501:419c248919e8 (annotate view)

util.dataforms: Remove local copy

The main difference was the from_stanza() function, which was used by 'clix adhoc', so moving it there seems sensible. Maybe reconsider upstreaming it to Prosody, but it's not used anywhere there.
author Kim Alvefur <zash@zash.se>
date Fri, 23 Jun 2023 12:38:58 +0200
parent 463:98fe3ed54639
Changesets that contributed lines to this revision (rev, changeset, description; author; parents), with the lines each one last touched:

61   6adddfdf974b  verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push); Matthew Wild <mwild1@gmail.com>; no parent listed. Every line not attributed below.
63   311e61176159  verse.plugins.tls: Fail gracefully when LuaSec not loaded; Matthew Wild <mwild1@gmail.com>; parents: 61. The "if features_stanza:get_child(...) and stream.conn.starttls then" line.
66   cd66229bdd7f  verse.plugins.tls: Return true to indicate success loading plugin; Matthew Wild <mwild1@gmail.com>; parents: 65. The final "return true;".
67   8154b72591d5  verse.plugins.tls: self -> stream; Matthew Wild <mwild1@gmail.com>; parents: 66. The two "elseif ... stream.secure then" lines and "stream.secure = true;".
197  7e98cf2c1d8d  plugins.*: Use verse.stanza() & co instead of require util.stanza; Kim Alvefur <zash@zash.se>; parents: 67. The "stream:send(verse.stanza(...))" line.
250  a5ac643a7fd6  added local verse var to all plugins; mva <mva@mva.name>; parents: 197. The "local verse = require" line and the blank line after it.
380  0891b4e27766  Discard trailing whitespace; Kim Alvefur <zash@zash.se>; parents: 250. The blank line before "return true;".
428  bde804b01f28  Fix typos (thanks Link Mauve and codespell); Kim Alvefur <zash@zash.se>; parents: 384. The LuaSec warning text.
463  98fe3ed54639  Update to new tls_builder() API in net.server upstream; Matthew Wild <mwild1@gmail.com>; parents: 428. The sslctx construction through "stream.conn:starttls(sslctx:build(), true);".

Source of plugins/tls.lua at this revision:

local verse = require "verse";

local xmlns_tls = "urn:ietf:params:xml:ns:xmpp-tls";

function verse.plugins.tls(stream)
	local function handle_features(features_stanza)
		if stream.authenticated then return; end
		if features_stanza:get_child("starttls", xmlns_tls) and stream.conn.starttls then
			stream:debug("Negotiating TLS...");
			stream:send(verse.stanza("starttls", { xmlns = xmlns_tls }));
			return true;
		elseif not stream.conn.starttls and not stream.secure then
			stream:warn("SSL library (LuaSec) not loaded, so TLS not available");
		elseif not stream.secure then
			stream:debug("Server doesn't offer TLS :(");
		end
	end
	local function handle_tls(tls_status)
		if tls_status.name == "proceed" then
			stream:debug("Server says proceed, handshake starting...");
			local sslctx = verse.tls_builder(".")
				:apply({mode="client", protocol="sslv23", options="no_sslv2",capath="/etc/ssl/certs"})
				:apply(stream.ssl or {});
			stream.conn:starttls(sslctx:build(), true);
		end
	end
	local function handle_status(new_status)
		if new_status == "ssl-handshake-complete" then
			stream.secure = true;
			stream:debug("Re-opening stream...");
			stream:reopen();
		end
	end
	stream:hook("stream-features", handle_features, 400);
	stream:hook("stream/"..xmlns_tls, handle_tls);
	stream:hook("status", handle_status, 400);

	return true;
end
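The plugin above does three things in sequence: it answers a <starttls/> offer in <stream:features>, it builds an SSL context and hands it to stream.conn:starttls() when the server replies <proceed/>, and it re-opens the XML stream once the handshake completes. Two points a practitioner will want to check against that code. First, handle_features only logs when TLS is unavailable or not offered; since the features stanza travels in the clear, an on-path attacker who removes the <starttls/> element leaves this client continuing in plaintext. Second, the default table passed to :apply() names a CA path but no verify setting; a LuaSec context built without one accepts any certificate, so verification only happens if the caller's stream.ssl table (applied last, so its values win) supplies something like verify = "peer", and the "no_sslv2" option is the only protocol restriction in those defaults. LuaSec also does not match the presented certificate against the XMPP domain on its own, so that check is the caller's too. The following Python is an added illustration of the same three-step exchange with those gaps closed; it is not Verse code. The class, state names, the require_tls policy flag, the domain example.com and the sample stanzas are all this example's own constructions.

```python
"""STARTTLS as an XMPP client does it (RFC 6120 section 5), mirroring the three
hooks of verse.plugins.tls.  Added illustration, not Verse code."""
import ssl
import xml.etree.ElementTree as ET

XMLNS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"     # namespace the plugin hooks on
XMLNS_STREAM = "http://etherx.jabber.org/streams"


class TLSRequired(Exception):
    """TLS is mandatory by policy but could not be negotiated."""


def build_client_context():
    """Counterpart of tls_builder():apply({...}):build() in the plugin, but with
    chain verification, hostname matching and a TLS 1.2 floor switched on."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)  # CERT_REQUIRED, check_hostname, system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_summary(ctx):
    """Expose the verification settings so they can be inspected and asserted."""
    return {"verify": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname,
            "min_version": ctx.minimum_version.name}


class StartTLSClient:
    """Client side of the exchange.  With require_tls=True it fails closed where
    the plugin only logs "Server doesn't offer TLS :(" and carries on."""

    def __init__(self, domain, have_tls_library=True, require_tls=True):
        self.domain = domain                      # XMPP domain; the name the certificate must match
        self.have_tls_library = have_tls_library  # stands in for stream.conn.starttls being present
        self.require_tls = require_tls
        self.secure = self.authenticated = False
        self.state = "features"
        self.sent = []                            # what this client would write to the wire

    def handle_features(self, features_xml):
        """<stream:features> arrives in the clear, so an on-path attacker can
        delete the <starttls/> offer; only a fail-closed policy defeats that."""
        if self.authenticated or self.secure:
            return False
        features = ET.fromstring(features_xml)
        offered = features.find("{%s}starttls" % XMLNS_TLS) is not None
        if offered and self.have_tls_library:
            self.sent.append("<starttls xmlns='%s'/>" % XMLNS_TLS)
            self.state = "awaiting-proceed"
            return True
        if self.require_tls:
            raise TLSRequired("TLS library missing" if not self.have_tls_library
                              else "server did not offer <starttls/>")
        return False          # opportunistic mode: stay in plaintext, as the plugin does

    def handle_tls(self, reply_xml):
        """The server answers in the xmpp-tls namespace with <proceed/> or <failure/>."""
        reply = ET.fromstring(reply_xml)
        if self.state != "awaiting-proceed":
            raise ValueError("unexpected %s in state %s" % (reply.tag, self.state))
        if reply.tag == "{%s}proceed" % XMLNS_TLS:
            self.state = "handshaking"
            return build_client_context()
        self.state = "failed"
        raise TLSRequired("server answered %s" % reply.tag)

    def start_handshake(self, ctx, sock):
        """Wrap the connected plaintext socket.  server_hostname is the XMPP
        domain, not an SRV target, and drives both SNI and the name check."""
        tls_sock = ctx.wrap_socket(sock, server_hostname=self.domain)
        self.handle_status("ssl-handshake-complete")
        return tls_sock

    def handle_status(self, new_status):
        """After the handshake the stream restarts, like stream:reopen() in the plugin."""
        if new_status == "ssl-handshake-complete" and self.state == "handshaking":
            self.secure = True
            self.state = "reopened"
            self.sent.append("<stream:stream xmlns='jabber:client' xmlns:stream='%s' "
                             "to='%s' version='1.0'>" % (XMLNS_STREAM, self.domain))
            return True
        return False


# Constructed sample stanzas for offline use (not captured traffic).
FEATURES_WITH_TLS = ("<stream:features xmlns:stream='%s'><starttls xmlns='%s'>"
                     "<required/></starttls></stream:features>" % (XMLNS_STREAM, XMLNS_TLS))
FEATURES_STRIPPED = ("<stream:features xmlns:stream='%s'><mechanisms "
                     "xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/></stream:features>" % XMLNS_STREAM)
PROCEED = "<proceed xmlns='%s'/>" % XMLNS_TLS


def run_happy_path(domain="example.com"):
    """Drive the whole client-side sequence without a network and return (client, ctx)."""
    client = StartTLSClient(domain)
    client.handle_features(FEATURES_WITH_TLS)
    ctx = client.handle_tls(PROCEED)
    client.handle_status("ssl-handshake-complete")   # what the socket layer reports after wrap_socket()
    return client, ctx
```

run_happy_path() walks the offer, the <proceed/> reply and the post-handshake stream restart without touching the network; start_handshake() is the only method that needs a real connected socket. The design choice worth copying back to a Verse client is the order of checks: decide from policy whether plaintext is acceptable before looking at what the server offered, build the context with verification on by default rather than relying on an optional override table, and pass the XMPP domain as server_hostname so the certificate is matched against the name the user typed rather than whatever host DNS pointed at.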