util.hmac: Convert spaces to tabs
diff --git
a/plugins/mod_tls.lua
b/plugins/mod_tls.lua
index b382f318dea9b060722513645d4c57930904e9d1..dc291278e7ca267e7f18d11ec8763bad4a8cb1da 100644
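--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -12,6 +12,9 @@ local st = require "util.stanza";
 local xmlns_starttls ='urn:ietf:params:xml:ns:xmpp-tls';
+local config = require "core.configmanager";
+local secure_auth_only = config.get("*", "core", "require_encryption");
+
 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
 function (session, stanza)
 if session.conn.starttls then
@@ -19,6 +22,7 @@ module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
 session:reset_stream();
 session.conn.starttls();
 session.log("info", "TLS negotiation started...");
+ session.secure = false;
 else
 -- FIXME: What reply?
 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection");
@@ -29,6 +33,11 @@ local starttls_attr = { xmlns = xmlns_starttls };
 module:add_event_hook("stream-features",
 function (session, features)
 if session.conn.starttls then
- features:tag("starttls", starttls_attr):up();
+ features:tag("starttls", starttls_attr);
+ if secure_auth_only then
+ features:tag("required"):up():up();
+ else
+ features:up();
+ end
 end
 end);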
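Review bot: The `<required/>` child added in the stream-features hook is only a hint to the client, and nothing in these hunks makes the server refuse authentication on a session that never completed STARTTLS. A client that ignores the element can therefore still authenticate in cleartext, unless a handler outside this file checks for it. The guard belongs wherever authentication is accepted, something like `if secure_auth_only and not session.secure then` followed by a rejection; the second hunk sets `session.secure = false` after `starttls()`, and no visible line sets it to true once the handshake finishes, so the code that does should be confirmed. `secure_auth_only` is also read once at module load from the `"*"` host, so a per-host `require_encryption` value or a later config change would presumably not be seen. I would add a comment above it such as `-- advisory only: auth handlers must reject sessions where session.secure is not true`.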