18 function (session, stanza) |
18 function (session, stanza) |
19 if session.conn.starttls then |
19 if session.conn.starttls then |
20 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
20 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
21 session:reset_stream(); |
21 session:reset_stream(); |
22 if session.host and hosts[session.host].ssl_ctx_in then |
22 if session.host and hosts[session.host].ssl_ctx_in then |
23 session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); |
23 session.conn:set_sslctx(hosts[session.host].ssl_ctx_in); |
24 end |
24 end |
25 session.conn.starttls(); |
25 session.conn:starttls(); |
26 session.log("info", "TLS negotiation started..."); |
26 session.log("info", "TLS negotiation started..."); |
27 session.secure = false; |
27 session.secure = false; |
28 else |
28 else |
29 -- FIXME: What reply? |
29 -- FIXME: What reply? |
30 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); |
30 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); |
35 function (session, stanza) |
35 function (session, stanza) |
36 if session.conn.starttls then |
36 if session.conn.starttls then |
37 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); |
37 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); |
38 session:reset_stream(); |
38 session:reset_stream(); |
39 if session.to_host and hosts[session.to_host].ssl_ctx_in then |
39 if session.to_host and hosts[session.to_host].ssl_ctx_in then |
40 session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); |
40 session.conn:set_sslctx(hosts[session.to_host].ssl_ctx_in); |
41 end |
41 end |
42 session.conn.starttls(); |
42 session.conn:starttls(); |
43 session.log("info", "TLS negotiation started for incoming s2s..."); |
43 session.log("info", "TLS negotiation started for incoming s2s..."); |
44 session.secure = false; |
44 session.secure = false; |
45 else |
45 else |
46 -- FIXME: What reply? |
46 -- FIXME: What reply? |
47 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); |
47 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); |
89 module:hook_stanza(xmlns_starttls, "proceed", |
89 module:hook_stanza(xmlns_starttls, "proceed", |
90 function (session, stanza) |
90 function (session, stanza) |
91 module:log("debug", "Proceeding with TLS on s2sout..."); |
91 module:log("debug", "Proceeding with TLS on s2sout..."); |
92 local format, to_host, from_host = string.format, session.to_host, session.from_host; |
92 local format, to_host, from_host = string.format, session.to_host, session.from_host; |
93 session:reset_stream(); |
93 session:reset_stream(); |
94 session.conn.starttls(true); |
94 session.conn:starttls(true); |
95 session.secure = false; |
95 session.secure = false; |
96 return true; |
96 return true; |
97 end); |
97 end); |
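Review bot: The `else` branches at lines 28-30 and 45-47 still only log a warning when `session.conn.starttls` is missing, so as far as the visible lines show the peer that asked for TLS gets no answer and the stream is left open unencrypted. RFC 6120 has the receiving entity reply with `<failure/>` in the STARTTLS namespace and then close the stream, e.g. `session.send(st.stanza("failure", { xmlns = xmlns_starttls }));` (`session.sends2s` in the s2s handler) followed by closing the session. Separately, lines 22 and 39 index `hosts[session.host]` / `hosts[session.to_host]` directly. If the peer-supplied host can name one this server does not serve (the validation is not visible here), that raises on a nil index after `proceed` has already been sent; `local host = hosts[session.to_host]; if host and host.ssl_ctx_in then` avoids it. Both handler bodies continue outside the lines shown.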