X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=core%2Fs2smanager.lua;h=d8ceb4efeb17ca58694a4d0a611cf6f39bd693ca;hb=090bf617e12f1a84c0d1d04917f771c9684a5304;hp=a24f2b2d0f261f38c3da8335ab1400463a311eb2;hpb=48a38a051a8f89ed2c717823d67884957e98db9f;p=prosody.git diff --git a/core/s2smanager.lua b/core/s2smanager.lua index a24f2b2d..d8ceb4ef 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -181,7 +181,6 @@ function new_outgoing(from_host, to_host, connect) buffer[#buffer+1] = data; log("debug", "Buffered item %d: %s", #buffer, tostring(data)); end - end return host_session; @@ -308,6 +307,11 @@ function make_connect(host_session, connect_host, connect_port) local from_host, to_host = host_session.from_host, host_session.to_host; local conn, handler = socket.tcp() + + if not conn then + log("warn", "Failed to create outgoing connection, system error: %s", handler); + return false, handler; + end conn:settimeout(0); local success, err = conn:connect(connect_host, connect_port); @@ -317,7 +321,7 @@ function make_connect(host_session, connect_host, connect_port) end local cl = connlisteners_get("xmppserver"); - conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1, hosts[from_host].ssl_ctx, false ); + conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1 ); host_session.conn = conn; -- Register this outgoing connection so that xmppserver_listener knows about it 
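Review bot: In the added failure branch of `make_connect`, `handler` is logged and returned as the error, which reads oddly because the name suggests a connection handler rather than the message from a failed `socket.tcp()`. A one-line comment above the check would make this clear, for example `-- socket.tcp() returns nil, err on failure, so handler holds the error string here`. The branch also adds a `false, handler` return, so callers of make_connect (outside this hunk) should be checked to confirm they handle it instead of assuming a connection is in progress.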
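Review bot: The `wrapclient` call in `make_connect` no longer passes `hosts[from_host].ssl_ctx`, and nothing in this hunk shows where an outgoing s2s connection now gets its TLS context. If TLS is meant to be set up later in the stream (the rest of the file is not visible here), say so at the call site, for example `-- no ssl_ctx: socket is wrapped in plaintext, TLS is negotiated later`. That way a reader does not mistake the removal for an accidental downgrade. The leftover space before the closing parenthesis in `cl.default_mode or 1 );` can go as well.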
@@ -449,6 +453,16 @@ function verify_dialback(id, to, from, key)
 end
 function make_authenticated(session, host)
+ if not session.secure then
+ local local_host = session.direction == "incoming" and session.to_host or session.from_host;
+ if config.get(local_host, "core", "s2s_require_encryption") then
+ session:close({
+ condition = "policy-violation",
+ text = "Encrypted server-to-server communication is required but was not "
+ ..((session.direction == "outgoing" and "offered") or "used")
+ });
+ end
+ end
 if session.type == "s2sout_unauthed" then
 session.type = "s2sout";
 elseif session.type == "s2sin_unauthed" then
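Review bot: In `make_authenticated`, the new policy check calls `session:close({...})` when `s2s_require_encryption` is set and the session is not secure, but it does not return, so execution falls through to the `session.type = "s2sout";` promotion and its `elseif` branch. Unless `session:close` (not visible here) makes the rest of the function harmless, a session that just failed the encryption policy is still marked authenticated. I would stop right after the close, e.g. `return false;` placed after `});`, and confirm that callers treat that as a failed authentication. The body of make_authenticated continues past the end of the hunk, so what else runs after the type change cannot be confirmed from here.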