Sat, 21 Aug 2010 14:37:10 +0100
verse.client: Update stream:close() to use base stream:close(), and not add an XMPP-specific :close() to the base stream
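local st = require "util.stanza";
local xmlns_tls = "urn:ietf:params:xml:ns:xmpp-tls";

-- TLS plugin for a verse stream: requests STARTTLS when the server advertises
-- it, starts the handshake once the server answers <proceed/>, and re-opens
-- the stream after the handshake completes.
--
-- stream: the verse stream to attach the hooks to.
-- Returns true to indicate the plugin loaded successfully.
function verse.plugins.tls(stream)
	-- Reacts to the server's stream features.
	-- Returns true only when a <starttls/> request was sent (presumably this
	-- marks the event as handled for the hook system -- verify); otherwise
	-- returns nothing.
	local function handle_features(features_stanza)
		-- Nothing to negotiate once authenticated, and never negotiate a
		-- second time on a stream that is already encrypted, even if the
		-- server advertises <starttls/> again.
		if stream.authenticated or stream.secure then return; end

		if not stream.conn.starttls then
			-- The connection object has no starttls method; per the message
			-- below this is the case when LuaSec is not loaded.
			stream:warn("SSL libary (LuaSec) not loaded, so TLS not available");
			return;
		end

		if features_stanza:get_child("starttls", xmlns_tls) then
			stream:debug("Negotiating TLS...");
			stream:send(st.stanza("starttls", { xmlns = xmlns_tls }));
			return true;
		end

		-- NOTE(review): the plugin carries on in cleartext when STARTTLS is
		-- not advertised. Stream features arrive before TLS is established,
		-- so an on-path party can remove the offer; callers that require
		-- encryption should check stream.secure before authenticating.
		stream:debug("Server doesn't offer TLS :(");
	end

	-- Handles the server's reply to the <starttls/> request.
	local function handle_tls(tls_status)
		if tls_status.name == "proceed" then
			stream:debug("Server says proceed, handshake starting...");
			-- Both legacy SSL versions are excluded so that only TLS is
			-- negotiated.
			-- NOTE(review): no `verify`, CA file or hostname check is
			-- configured here, so unless the connection layer adds its own
			-- the server certificate is presumably not validated -- confirm,
			-- and make verification configurable.
			stream.conn:starttls({
				mode = "client",
				protocol = "sslv23",
				options = { "no_sslv2", "no_sslv3" },
			}, true);
		elseif tls_status.name == "failure" then
			-- Surface a refused negotiation instead of ignoring it silently.
			stream:warn("Server refused STARTTLS, stream is not encrypted");
		end
	end

	-- Marks the stream as secure and restarts it once the handshake is done.
	-- stream.secure here means "handshake completed"; nothing visible in this
	-- plugin checks the peer's identity before setting it.
	local function handle_status(new_status)
		if new_status == "ssl-handshake-complete" then
			stream.secure = true;
			stream:debug("Re-opening stream...");
			stream:reopen();
		end
	end

	-- Priority 400 presumably places these ahead of lower-priority handlers
	-- (such as authentication) on the same events -- confirm against the hook
	-- implementation.
	stream:hook("stream-features", handle_features, 400);
	stream:hook("stream/"..xmlns_tls, handle_tls);
	stream:hook("status", handle_status, 400);

	return true;
end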