mod_admin_telnet: Add server:memory() command to view details of Prosody's memory...
[prosody.git] / plugins / mod_s2s / mod_s2s.lua
index a935239ebcc83f025b44d73180a06efa3d0c4fca..5a2af96843e67ebea28591315e331527744addc7 100644 (file)
@@ -37,7 +37,7 @@ local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:ge
 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day...
 local secure_domains, insecure_domains =
        module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items;
-local require_encryption = module:get_option_boolean("s2s_require_encryption", secure_auth);
+local require_encryption = module:get_option_boolean("s2s_require_encryption", false);
 
 local sessions = module:shared("sessions");
 
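Review bot: Changing the default on the `require_encryption` line to `false` detaches it from `s2s_secure_auth`, so any other check of `require_encryption` in this file (none is visible in this diff) no longer fires for a deployment that sets only `s2s_secure_auth = true`. The `make_authenticated` hunk re-adds `secure_auth` explicitly, but each remaining use should be checked for the same condition, otherwise unencrypted streams may be accepted where they were refused before. I would add a comment above the line, such as `-- Independent of s2s_secure_auth; secure_auth is enforced per host in make_authenticated`.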
@@ -185,7 +185,7 @@ end
 function make_authenticated(event)
        local session, host = event.session, event.host;
        if not session.secure then
-               if require_encryption or secure_auth or secure_domains[host] then
+               if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then
                        session:close({
                                condition = "policy-violation",
                                text = "Encrypted server-to-server communication is required but was not "
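Review bot: The new condition in `make_authenticated` lets a host listed in `s2s_insecure_domains` authenticate over an unencrypted stream even when `s2s_secure_auth` is on, and the order in which the four settings win is only implicit in the expression. A host present in both sets is still refused because `secure_domains[host]` is tested separately, and a global `s2s_require_encryption` overrides the exemption. A comment above the `if` would make that explicit: `-- Precedence: s2s_require_encryption, then s2s_secure_domains, then s2s_insecure_domains, then s2s_secure_auth`. As a style point, `not(insecure_domains[host])` reads like a function call, and `not insecure_domains[host]` is the usual spelling. The function body continues outside the hunk.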
@@ -348,7 +348,7 @@ function stream_callbacks.streamopened(session, attr)
                        end
                end
 
-               session:open_stream()
+               session:open_stream(session.to_host, session.from_host)
                if session.version >= 1.0 then
                        local features = st.stanza("stream:features");
                        
@@ -448,7 +448,11 @@ local function session_close(session, reason, remote_reason)
        local log = session.log or log;
        if session.conn then
                if session.notopen then
-                       session:open_stream()
+                       if session.direction == "incoming" then
+                               session:open_stream(session.to_host, session.from_host);
+                       else
+                               session:open_stream(session.from_host, session.to_host);
+                       end
                end
                if reason then -- nil == no err, initiated by us, false == initiated by remote
                        if type(reason) == "string" then -- assume stream error
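Review bot: In `session_close` every value of `session.direction` other than `"incoming"` takes the outgoing argument order, so an incoming session that reaches this point without `direction` set would get a stream header with the hosts reversed. The same local/remote swap is also written out by hand in the `streamopened` hunk. A small local helper that returns the local and remote host for a session, used at both call sites, would keep the ordering in one place. The body of `session_close` continues outside the hunk.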
@@ -496,8 +500,6 @@ local function session_close(session, reason, remote_reason)
 end
 
 function session_open_stream(session, from, to)
-       local from = from or session.from_host;
-       local to = to or session.to_host;
        local attr = {
                ["xmlns:stream"] = 'http://etherx.jabber.org/streams',
                xmlns = 'jabber:server',
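Review bot: With the `from or session.from_host` and `to or session.to_host` fallbacks removed, a caller that still invokes `session:open_stream()` without arguments now sends a stream header with no `from`/`to`, and in the following hunk `not from` then always adds `xmlns:db`. The two call sites in this diff were updated, but callers in other files (not visible here) should be checked before this lands. A doc comment above `session_open_stream` stating the new contract would help, e.g. `-- from: our local host, to: the remote host; both are supplied by the caller, no defaults`. The function body continues outside the hunk.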
@@ -506,8 +508,7 @@ function session_open_stream(session, from, to)
                id = session.streamid,
                from = from, to = to,
        }
-       local local_host = session.direction == "outgoing" and from or to;
-       if not local_host or (hosts[local_host] and hosts[local_host].modules.dialback) then
+       if not from or (hosts[from] and hosts[from].modules.dialback) then
                attr["xmlns:db"] = 'jabber:server:dialback';
        end