mod_tls: Fixed an extra :up() in s2s stream feature generation.

[prosody.git] / plugins / mod_tls.lua

diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 7153e48a32b31364601e6f695ac4bfebf9147204..3a5940b909d9e47f9deecfc393063193cfe24954 100644 (file)
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -16,35 +16,23 @@ local secure_s2s_only = module:get_option("s2s_require_encryption");
 
 local global_ssl_ctx = prosody.global_ssl_ctx;
 
-module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
-               function (session, stanza)
-                       if session.conn.starttls then
-                               session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
-                               session:reset_stream();
-                               local ssl_ctx = session.host and hosts[session.host].ssl_ctx_in or global_ssl_ctx;
-                               session.conn:starttls(ssl_ctx);
-                               session.log("info", "TLS negotiation started...");
-                               session.secure = false;
-                       else
-                               -- FIXME: What reply?
-                               session.log("warn", "Attempt to start TLS, but TLS is not available on this connection");
-                       end
-               end);
-               
-module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
-               function (session, stanza)
-                       if session.conn.starttls then
-                               session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls }));
-                               session:reset_stream();
-                               local ssl_ctx = session.to_host and hosts[session.to_host].ssl_ctx_in or global_ssl_ctx;
-                               session.conn:starttls(ssl_ctx);
-                               session.log("info", "TLS negotiation started for incoming s2s...");
-                               session.secure = false;
-                       else
-                               -- FIXME: What reply?
-                               session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection");
-                       end
-               end);
+module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
+       local origin = event.origin;
+       if origin.conn.starttls then
+               (origin.sends2s or origin.send)(st.stanza("proceed", { xmlns = xmlns_starttls }));
+               origin:reset_stream();
+               local host = origin.to_host or origin.host;
+               local ssl_ctx = host and hosts[host].ssl_ctx_in or global_ssl_ctx;
+               origin.conn:starttls(ssl_ctx);
+               origin.log("info", "TLS negotiation started for %s...", origin.type);
+               origin.secure = false;
+       else
+               origin.log("warn", "Attempt to start TLS, but TLS is not available on this %s connection", origin.type);
+               (origin.sends2s or origin.send)(st.stanza("failure", { xmlns = xmlns_starttls }));
+               origin:close();
+       end
+       return true;
+end);
 
 
 local starttls_attr = { xmlns = xmlns_starttls };
@@ -64,7 +52,7 @@ module:hook("s2s-stream-features",
                function (data)
                        local session, features = data.session, data.features;
                        if session.to_host and session.type ~= "s2sin" and session.conn.starttls then
-                               features:tag("starttls", starttls_attr):up();
+                               features:tag("starttls", starttls_attr)
                                if secure_s2s_only then
                                        features:tag("required"):up():up();
                                else