# HG changeset patch
# User Waqas Hussain <waqas20@gmail.com>
# Date 1265747782 -18000
# Node ID b70e73872c4d676e1a2b670aceb57891b19a3663
# Parent  8f4d699401328b5146c0c896065e8e254d424c57
mod_tls: Don't advertise TLS after authentication.

diff -r 8f4d69940132 -r b70e73872c4d plugins/mod_tls.lua
--- a/plugins/mod_tls.lua	Wed Feb 10 00:46:04 2010 +0500
+++ b/plugins/mod_tls.lua	Wed Feb 10 01:36:22 2010 +0500
@@ -50,7 +50,7 @@
 local starttls_attr = { xmlns = xmlns_starttls };
 module:add_event_hook("stream-features", 
 		function (session, features)
-			if session.conn.starttls then
+			if not session.username and session.conn.starttls then
 				features:tag("starttls", starttls_attr);
 				if secure_auth_only then
 					features:tag("required"):up():up();
@@ -63,7 +63,7 @@
 module:hook("s2s-stream-features", 
 		function (data)
 			local session, features = data.session, data.features;
-			if session.to_host and session.conn.starttls then
+			if session.to_host and session.type ~= "s2sin" and session.conn.starttls then
 				features:tag("starttls", starttls_attr):up();
 				if secure_s2s_only then
 					features:tag("required"):up():up();