Mercurial > lxmppd-hg-xmllex / changeset
changeset
mod_tls: Advertise and handle TLS for s2s connections
Sun, 04 Oct 2009 14:06:45 +0100
- author
- Matthew Wild <mwild1@gmail.com>
- date
- Sun, 04 Oct 2009 14:06:45 +0100
- changeset 1875
- 334383faf77b
- parent 1874
- 262ea889016f
- child 1876
- 6d33e0521667
mod_tls: Advertise and handle TLS for s2s connections
| plugins/mod_tls.lua | file | annotate | diff | comparison | revisions |
--- a/plugins/mod_tls.lua Sun Oct 04 14:03:08 2009 +0100 +++ b/plugins/mod_tls.lua Sun Oct 04 14:06:45 2009 +0100 @@ -8,7 +8,8 @@ local st = require "util.stanza"; -local xmlns_starttls ='urn:ietf:params:xml:ns:xmpp-tls'; +local xmlns_stream = 'http://etherx.jabber.org/streams'; +local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; local secure_auth_only = module:get_option("require_encryption"); @@ -26,6 +27,20 @@ end end); +module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, + function (session, stanza) + if session.conn.starttls then + session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); + session:reset_stream(); + session.conn.starttls(); + session.log("info", "TLS negotiation started for incoming s2s..."); + else + -- FIXME: What reply? + session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); + end + end); + + local starttls_attr = { xmlns = xmlns_starttls }; module:add_event_hook("stream-features", function (session, features) @@ -38,3 +53,30 @@ end end end); + +module:add_event_hook("s2s-stream-features", + function (session, features) + if session.conn.starttls then + --features:tag("starttls", starttls_attr):up(); + end + end); + +-- For s2sout connections, start TLS if we can +module:hook_stanza(xmlns_stream, "features", + function (session, stanza) + module:log("debug", "Received features element"); + if stanza:child_with_ns(xmlns_starttls) then + module:log("%s is offering TLS, taking up the offer...", session.to_host); + session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); + return true; + end + end, 500); + +module:hook_stanza(xmlns_starttls, "proceed", + function (session, stanza) + module:log("debug", "Proceeding with TLS on s2sout..."); + local format, to_host, from_host = string.format, session.to_host, session.from_host; + session:reset_stream(); + session.conn.starttls(true); + return true; + end);
