projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge with 0.7
[prosody.git] / plugins / mod_tls.lua
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 8f688d613154d1ed77afcdb65bbe1af432c77d28..7aee29219cac32b41264888478c4796623867f37 100644 (file)
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -26,9 +26,11 @@ local host = hosts[module.host];
 
 local function can_do_tls(session)
        if session.type == "c2s_unauthed" then
-               return session.username and session.conn.starttls and host.ssl_ctx_in;
+               return session.conn.starttls and host.ssl_ctx_in;
        elseif session.type == "s2sin_unauthed" then
-               return origin.to_host and origin.conn.starttls and host.ssl_ctx_in;
+               return session.conn.starttls and host.ssl_ctx_in;
+       elseif session.direction == "outgoing" then
+               return session.conn.starttls and host.ssl_ctx;
        end
        return false;
 end
@@ -69,7 +71,7 @@ end);
 -- For s2sout connections, start TLS if we can
 module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza)
        module:log("debug", "Received features element");
-       if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then
+       if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then
                module:log("%s is offering TLS, taking up the offer...", session.to_host);
                session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>");
                return true;