Mercurial > lxmppd-hg-xmllex / file comparison
comparison: plugins/mod_tls.lua
plugins/mod_tls.lua
- changeset 2542
- 0a78847b38e2
- parent 2105
- 6425bc039430
- child 2543
- da16a5c0df85
equal
deleted
inserted
replaced
| 2541:2febd008214e | 2542:0a78847b38e2 |
|---|---|
| 12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; | 12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
| 13 | 13 |
| 14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | 14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
| 15 local secure_s2s_only = module:get_option("s2s_require_encryption"); | 15 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
| 16 | 16 |
| 17 local global_ssl_ctx = prosody.global_ssl_ctx; | |
| 18 | |
| 17 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, | 19 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, |
| 18 function (session, stanza) | 20 function (session, stanza) |
| 19 if session.conn.starttls then | 21 if session.conn.starttls then |
| 20 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); | 22 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
| 21 session:reset_stream(); | 23 session:reset_stream(); |
| 22 if session.host and hosts[session.host].ssl_ctx_in then | 24 local ssl_ctx = session.host and hosts[session.host].ssl_ctx_in or global_ssl_ctx; |
| 23 session.conn:set_sslctx(hosts[session.host].ssl_ctx_in); | 25 session.conn:starttls(ssl_ctx); |
| 24 end | |
| 25 session.conn:starttls(); | |
| 26 session.log("info", "TLS negotiation started..."); | 26 session.log("info", "TLS negotiation started..."); |
| 27 session.secure = false; | 27 session.secure = false; |
| 28 else | 28 else |
| 29 -- FIXME: What reply? | 29 -- FIXME: What reply? |
| 30 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); | 30 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); |
| 34 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, | 34 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, |
| 35 function (session, stanza) | 35 function (session, stanza) |
| 36 if session.conn.starttls then | 36 if session.conn.starttls then |
| 37 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); | 37 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); |
| 38 session:reset_stream(); | 38 session:reset_stream(); |
| 39 if session.to_host and hosts[session.to_host].ssl_ctx_in then | 39 local ssl_ctx = session.to_host and hosts[session.to_host].ssl_ctx_in or global_ssl_ctx; |
| 40 session.conn:set_sslctx(hosts[session.to_host].ssl_ctx_in); | 40 session.conn:starttls(ssl_ctx); |
| 41 end | |
| 42 session.conn:starttls(); | |
| 43 session.log("info", "TLS negotiation started for incoming s2s..."); | 41 session.log("info", "TLS negotiation started for incoming s2s..."); |
| 44 session.secure = false; | 42 session.secure = false; |
| 45 else | 43 else |
| 46 -- FIXME: What reply? | 44 -- FIXME: What reply? |
| 47 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); | 45 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); |
