12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
13 |
13 |
14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
14 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
15 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
15 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
16 |
16 |
|
17 local host = hosts[module.host]; |
|
18 |
17 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, |
19 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, |
18 function (session, stanza) |
20 function (session, stanza) |
19 if session.conn.starttls then |
21 if session.conn.starttls and host.ssl_ctx_in then |
20 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
22 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
21 session:reset_stream(); |
23 session:reset_stream(); |
22 if session.host and hosts[session.host].ssl_ctx_in then |
24 if session.host and hosts[session.host].ssl_ctx_in then |
23 session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); |
25 session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); |
24 end |
26 end |
32 end |
34 end |
33 end); |
35 end); |
34 |
36 |
35 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, |
37 module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, |
36 function (session, stanza) |
38 function (session, stanza) |
37 if session.conn.starttls then |
39 if session.conn.starttls and host.ssl_ctx_in then |
38 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); |
40 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); |
39 session:reset_stream(); |
41 session:reset_stream(); |
40 if session.to_host and hosts[session.to_host].ssl_ctx_in then |
42 if session.to_host and hosts[session.to_host].ssl_ctx_in then |
41 session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); |
43 session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); |
42 end |
44 end |