projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sessionmanager, s2smanager: Give sessions dummy data handlers that log when data...
[prosody.git] / plugins / mod_tls.lua
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 79a74deb2d5e31343cfd33ca0de246dad7958fa9..49ee18c9e4461444fc8a76b726ec9348f345b42e 100644 (file)
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -19,12 +19,16 @@ module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
                        if session.conn.starttls then
                                session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
                                session:reset_stream();
+                               if session.host and hosts[session.host].ssl_ctx_in then
+                                       session.conn.set_sslctx(hosts[session.host].ssl_ctx_in);
+                               end
                                session.conn.starttls();
                                session.log("info", "TLS negotiation started...");
                                session.secure = false;
                        else
-                               -- FIXME: What reply?
                                session.log("warn", "Attempt to start TLS, but TLS is not available on this connection");
+                               (session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls }));
+                               session:close();
                        end
                end);
                
@@ -33,12 +37,16 @@ module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
                        if session.conn.starttls then
                                session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls }));
                                session:reset_stream();
+                               if session.to_host and hosts[session.to_host].ssl_ctx_in then
+                                       session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in);
+                               end
                                session.conn.starttls();
                                session.log("info", "TLS negotiation started for incoming s2s...");
                                session.secure = false;
                        else
-                               -- FIXME: What reply?
                                session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection");
+                               (session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls }));
+                               session:close();
                        end
                end);
 
@@ -60,7 +68,7 @@ module:hook("s2s-stream-features",
                function (data)
                        local session, features = data.session, data.features;
                        if session.to_host and session.conn.starttls then
-                               features:tag("starttls", starttls_attr):up();
+                               features:tag("starttls", starttls_attr);
                                if secure_s2s_only then
                                        features:tag("required"):up():up();
                                else