8 |
8 |
9 local st = require "util.stanza"; |
9 local st = require "util.stanza"; |
10 |
10 |
11 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
11 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); |
12 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
12 local secure_s2s_only = module:get_option("s2s_require_encryption"); |
|
13 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; |
13 |
14 |
14 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
15 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
15 local starttls_attr = { xmlns = xmlns_starttls }; |
16 local starttls_attr = { xmlns = xmlns_starttls }; |
16 local starttls_proceed = st.stanza("proceed", starttls_attr); |
17 local starttls_proceed = st.stanza("proceed", starttls_attr); |
17 local starttls_failure = st.stanza("failure", starttls_attr); |
18 local starttls_failure = st.stanza("failure", starttls_attr); |
25 local host = hosts[module.host]; |
26 local host = hosts[module.host]; |
26 |
27 |
27 local function can_do_tls(session) |
28 local function can_do_tls(session) |
28 if session.type == "c2s_unauthed" then |
29 if session.type == "c2s_unauthed" then |
29 return session.conn.starttls and host.ssl_ctx_in; |
30 return session.conn.starttls and host.ssl_ctx_in; |
30 elseif session.type == "s2sin_unauthed" then |
31 elseif session.type == "s2sin_unauthed" and allow_s2s_tls then |
31 return session.conn.starttls and host.ssl_ctx_in; |
32 return session.conn.starttls and host.ssl_ctx_in; |
32 elseif session.direction == "outgoing" then |
33 elseif session.direction == "outgoing" and allow_s2s_tls then |
33 return session.conn.starttls and host.ssl_ctx; |
34 return session.conn.starttls and host.ssl_ctx; |
34 end |
35 end |
35 return false; |
36 return false; |
36 end |
37 end |
37 |
38 |