plugins/tls.lua@8154b72591d5 (annotated)
plugins/tls.lua
Tue, 11 May 2010 23:19:01 +0100
- author
- Matthew Wild <mwild1@gmail.com>
- date
- Tue, 11 May 2010 23:19:01 +0100
- changeset 67
- 8154b72591d5
- parent 66
- cd66229bdd7f
- child 197
- 7e98cf2c1d8d
- permissions
- -rw-r--r--
verse.plugins.tls: self -> stream
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 | local st = require "util.stanza"; |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 | local xmlns_tls = "urn:ietf:params:xml:ns:xmpp-tls"; |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 | |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 | function verse.plugins.tls(stream) |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 | local function handle_features(features_stanza) |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 | if stream.authenticated then return; end |
|
63
311e61176159
verse.plugins.tls: Fail gracefully when LuaSec not loaded
Matthew Wild <mwild1@gmail.com>
parents:
61
diff
changeset
|
7 | if features_stanza:get_child("starttls", xmlns_tls) and stream.conn.starttls then |
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 | stream:debug("Negotiating TLS..."); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 | stream:send(st.stanza("starttls", { xmlns = xmlns_tls })); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 | return true; |
|
67
8154b72591d5
verse.plugins.tls: self -> stream
Matthew Wild <mwild1@gmail.com>
parents:
66
diff
changeset
|
11 | elseif not stream.conn.starttls and not stream.secure then |
|
63
311e61176159
verse.plugins.tls: Fail gracefully when LuaSec not loaded
Matthew Wild <mwild1@gmail.com>
parents:
61
diff
changeset
|
12 | stream:warn("SSL libary (LuaSec) not loaded, so TLS not available"); |
|
67
8154b72591d5
verse.plugins.tls: self -> stream
Matthew Wild <mwild1@gmail.com>
parents:
66
diff
changeset
|
13 | elseif not stream.secure then |
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 | stream:debug("Server doesn't offer TLS :("); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 | end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 | end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 | local function handle_tls(tls_status) |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 | if tls_status.name == "proceed" then |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 | stream:debug("Server says proceed, handshake starting..."); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 | stream.conn:starttls({mode="client", protocol="sslv23", options="no_sslv2"}, true); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 | end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 | end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 | local function handle_status(new_status) |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 | if new_status == "ssl-handshake-complete" then |
|
67
8154b72591d5
verse.plugins.tls: self -> stream
Matthew Wild <mwild1@gmail.com>
parents:
66
diff
changeset
|
25 | stream.secure = true; |
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 | stream:debug("Re-opening stream..."); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 | stream:reopen(); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 | end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 | end |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 | stream:hook("stream-features", handle_features, 400); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 | stream:hook("stream/"..xmlns_tls, handle_tls); |
|
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 | stream:hook("status", handle_status, 400); |
|
66
cd66229bdd7f
verse.plugins.tls: Return true to indicate success loading plugin
Matthew Wild <mwild1@gmail.com>
parents:
65
diff
changeset
|
33 | |
|
cd66229bdd7f
verse.plugins.tls: Return true to indicate success loading plugin
Matthew Wild <mwild1@gmail.com>
parents:
65
diff
changeset
|
34 | return true; |
|
61
6adddfdf974b
verse.plugins.tls: Support for TLS encryption! (thanks Azelphur for the final push)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 | end |
