Mercurial > lxmppd-hg-xmllex / file comparison
comparison: plugins/mod_tls.lua
plugins/mod_tls.lua
- changeset 2877
- 1edeb8fe7d14
- parent 2802
- ded1c649484a
- parent 2872
- cdc292d201fc
- child 2923
- b7049746bd29
equal
deleted
inserted
replaced
| 2813:46dfcc33ea9e | 2877:1edeb8fe7d14 |
|---|---|
| 12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; | 12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
| 13 | 13 |
| 14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); | 14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
| 15 local secure_s2s_only = module:get_option("s2s_require_encryption"); | 15 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
| 16 | 16 |
| 17 local host = hosts[module.host]; | |
| 18 | |
| 17 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, | 19 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, |
| 18 function (session, stanza) | 20 function (session, stanza) |
| 19 if session.conn.starttls then | 21 if session.conn.starttls and host.ssl_ctx_in then |
| 20 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); | 22 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
| 21 session:reset_stream(); | 23 session:reset_stream(); |
| 22 if session.host and hosts[session.host].ssl_ctx_in then | 24 if session.host and hosts[session.host].ssl_ctx_in then |
| 23 session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); | 25 session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); |
| 24 end | 26 end |
| 25 session.conn.starttls(); | 27 session.conn.starttls(); |
| 26 session.log("info", "TLS negotiation started..."); | 28 session.log("info", "TLS negotiation started..."); |
| 27 session.secure = false; | 29 session.secure = false; |
| 28 else | 30 else |
| 29 -- FIXME: What reply? | |
| 30 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); | 31 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); |
| 32 (session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls })); | |
| 33 session:close(); | |
| 31 end | 34 end |
| 32 end); | 35 end); |
| 33 | 36 |
| 34 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, | 37 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, |
| 35 function (session, stanza) | 38 function (session, stanza) |
| 36 if session.conn.starttls then | 39 if session.conn.starttls and host.ssl_ctx_in then |
| 37 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); | 40 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); |
| 38 session:reset_stream(); | 41 session:reset_stream(); |
| 39 if session.to_host and hosts[session.to_host].ssl_ctx_in then | 42 if session.to_host and hosts[session.to_host].ssl_ctx_in then |
| 40 session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); | 43 session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); |
| 41 end | 44 end |
| 42 session.conn.starttls(); | 45 session.conn.starttls(); |
| 43 session.log("info", "TLS negotiation started for incoming s2s..."); | 46 session.log("info", "TLS negotiation started for incoming s2s..."); |
| 44 session.secure = false; | 47 session.secure = false; |
| 45 else | 48 else |
| 46 -- FIXME: What reply? | |
| 47 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); | 49 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); |
| 50 (session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls })); | |
| 51 session:close(); | |
| 48 end | 52 end |
| 49 end); | 53 end); |
| 50 | 54 |
| 51 | 55 |
| 52 local starttls_attr = { xmlns = xmlns_starttls }; | 56 local starttls_attr = { xmlns = xmlns_starttls }; |
| 64 | 68 |
| 65 module:hook("s2s-stream-features", | 69 module:hook("s2s-stream-features", |
| 66 function (data) | 70 function (data) |
| 67 local session, features = data.session, data.features; | 71 local session, features = data.session, data.features; |
| 68 if session.to_host and session.conn.starttls then | 72 if session.to_host and session.conn.starttls then |
| 69 features:tag("starttls", starttls_attr):up(); | 73 features:tag("starttls", starttls_attr); |
| 70 if secure_s2s_only then | 74 if secure_s2s_only then |
| 71 features:tag("required"):up():up(); | 75 features:tag("required"):up():up(); |
| 72 else | 76 else |
| 73 features:up(); | 77 features:up(); |
| 74 end | 78 end |
