# HG changeset patch # User Matthew Wild # Date 1266340543 0 # Node ID 07a6f5f9d4beba8efd957377f8b182a4f5c5cfcd # Parent cbc58fc170adfbc8c398a1f16d8724da4f9e2719 mod_tls: Only negotiate TLS on outgoing s2s connections if we have an SSL context (thanks Flo...) diff -r cbc58fc170ad -r 07a6f5f9d4be plugins/mod_tls.lua --- a/plugins/mod_tls.lua Tue Feb 16 15:05:18 2010 +0000 +++ b/plugins/mod_tls.lua Tue Feb 16 17:15:43 2010 +0000 @@ -29,6 +29,8 @@ return session.conn.starttls and host.ssl_ctx_in; elseif session.type == "s2sin_unauthed" then return session.conn.starttls and host.ssl_ctx_in; + elseif session.direction == "outgoing" then + return session.conn.starttls and host.ssl_ctx; end return false; end @@ -69,7 +71,7 @@ -- For s2sout connections, start TLS if we can module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) module:log("debug", "Received features element"); - if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then + if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then module:log("%s is offering TLS, taking up the offer...", session.to_host); session.sends2s(""); return true;
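Review bot: In the first hunk (can_do_tls), the added branch tests `session.direction == "outgoing"` while the branches above it test `session.type`, so the conditions are not written as mutually exclusive. An outgoing session whose type matched an earlier branch would be checked against `host.ssl_ctx_in` and never reach this line. Consider matching on the outgoing session type in the same style as the `"s2sin_unauthed"` branch, or add a comment explaining why direction is used here. A short comment stating that outgoing connections use `host.ssl_ctx` and incoming ones use `host.ssl_ctx_in` would also make the asymmetry deliberate rather than accidental to a later reader.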
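Review bot: In the second hunk (the "features" hook), when `can_do_tls(session)` is false but the peer's features contain a starttls child, nothing in the visible lines logs that the offer was declined. An outgoing s2s stream that continues without TLS because no SSL context is configured therefore leaves no trace for an operator. Consider adding an else branch that logs that `session.to_host` offered TLS but it was not negotiated for lack of an SSL context. Separately, the unchanged line `module:log("%s is offering TLS, taking up the offer...", session.to_host);` passes no level argument, unlike the `module:log("debug", "Received features element");` call just above it, which is worth fixing while this handler is being touched.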