Makefile: Remove fallbacks/
[prosody.git] / core / s2smanager.lua
index a24f2b2d0f261f38c3da8335ab1400463a311eb2..602d6837bc1a9bd23471921dd09cdb8f7d1cbaf8 100644 (file)
@@ -181,7 +181,6 @@ function new_outgoing(from_host, to_host, connect)
                                buffer[#buffer+1] = data;
                                log("debug", "Buffered item %d: %s", #buffer, tostring(data));
                        end
-                       
                end
 
                return host_session;
@@ -308,6 +307,11 @@ function make_connect(host_session, connect_host, connect_port)
        local from_host, to_host = host_session.from_host, host_session.to_host;
        
        local conn, handler = socket.tcp()
+       
+       if not conn then
+               log("warn", "Failed to create outgoing connection, system error: %s", handler);
+               return false, handler;
+       end
 
        conn:settimeout(0);
        local success, err = conn:connect(connect_host, connect_port);
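Review bot: The new warning in the `if not conn then` branch does not say which connection failed, although `from_host` and `to_host` are already in scope a few lines above. Including them makes the message usable when socket creation fails repeatedly, e.g. `log("warn", "Failed to create outgoing connection from %s to %s, system error: %s", from_host, to_host, handler);`. The variable `handler` holds the error string on this path, so a short comment such as `-- on failure socket.tcp() returns nil plus an error message in 'handler'` would keep the name from misleading readers. make_connect starts and ends outside this hunk.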
@@ -317,7 +321,7 @@ function make_connect(host_session, connect_host, connect_port)
        end
        
        local cl = connlisteners_get("xmppserver");
-       conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1, hosts[from_host].ssl_ctx, false );
+       conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1 );
        host_session.conn = conn;
        
        -- Register this outgoing connection so that xmppserver_listener knows about it
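Review bot: With `hosts[from_host].ssl_ctx` dropped from the `wrapclient` call, nothing in this hunk shows how the outgoing connection becomes encrypted; presumably TLS is now negotiated later in the stream rather than at wrap time. If that is the intent, a comment above the call would record it, e.g. `-- connection starts unencrypted; TLS is negotiated in-stream and make_authenticated enforces s2s_require_encryption`. The bare `1` in `cl.default_mode or 1` would also read better with a note on what mode it selects. make_connect starts and ends outside this hunk.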
@@ -385,7 +389,7 @@ function streamopened(session, attr)
                        local features = st.stanza("stream:features");
                        
                        if session.to_host then
-                               hosts[session.to_host].events.fire_event("s2s-stream-features", { session = session, features = features });
+                               hosts[session.to_host].events.fire_event("s2s-stream-features", { origin = session, features = features });
                        else
                                (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", session.from_host or "unknown host");
                        end
@@ -449,6 +453,16 @@ function verify_dialback(id, to, from, key)
 end
 
 function make_authenticated(session, host)
+       if not session.secure then
+               local local_host = session.direction == "incoming" and session.to_host or session.from_host;
+               if config.get(local_host, "core", "s2s_require_encryption") then
+                       session:close({
+                               condition = "policy-violation",
+                               text = "Encrypted server-to-server communication is required but was not "
+                                      ..((session.direction == "outgoing" and "offered") or "used")
+                       });
+               end
+       end
        if session.type == "s2sout_unauthed" then
                session.type = "s2sout";
        elseif session.type == "s2sin_unauthed" then
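Review bot: There is no `return` after `session:close({...})` in the new `s2s_require_encryption` branch, so control falls through to the `session.type` checks below. An unencrypted session can then still be promoted to `s2sout`/`s2sin` unless close() has already torn the session down, which is not visible here; adding `return false;` (or whatever failure value this function uses) directly after the close call makes the enforcement explicit. Separately, `session.direction == "incoming" and session.to_host or session.from_host` evaluates to the remote `from_host` when an incoming session has no `to_host`, a case streamopened explicitly handles, so the option would be looked up for the wrong host; an explicit `if`/`else` avoids that. The rest of make_authenticated lies outside this hunk.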
@@ -494,6 +508,8 @@ function mark_connected(session)
        end
 end
 
+local function null_data_handler(conn, data) log("debug", "Discarding data from destroyed s2s session: %s", data); end
+
 function destroy_session(session, reason)
        (session.log or log)("info", "Destroying "..tostring(session.direction).." session "..tostring(session.from_host).."->"..tostring(session.to_host));
        
@@ -509,6 +525,7 @@ function destroy_session(session, reason)
                        session[k] = nil;
                end
        end
+       session.data = null_data_handler;
 end
 
 return _M;
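Review bot: The handler installed by `session.data = null_data_handler` (defined just above destroy_session) passes peer-supplied `data` straight to a `%s` format, while the buffering code in new_outgoing logs `tostring(data)`. For consistency, and so that a non-string value cannot upset the formatter, use `log("debug", "Discarding data from destroyed s2s session: %s", tostring(data));`. Since this is content a remote server sent to a session that is already gone, logging only its length would also keep arbitrary peer data out of the debug log. The `conn` parameter is unused and could be named `_`.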