X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_tls.lua;h=69aafe82d90043e540ac9964d03862a6dea44653;hb=873005c41b407731d759be423c51cb251346c0ae;hp=85fa172a86b04454db4fdb16ff1713b3754afc6c;hpb=b47d6eb83295d2dbf8025d3685a49220ead14ec7;p=prosody.git

diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 85fa172a..69aafe82 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -7,6 +7,7 @@
 --
 
 local create_context = require "core.certmanager".create_context;
+local rawgetopt = require"core.configmanager".rawget;
 local st = require "util.stanza";
 
 local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption"));
@@ -36,19 +37,19 @@ local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
 local ssl_cfg_c2s, ssl_cfg_s2sout, ssl_cfg_s2sin;
 do
 	local NULL, err = {};
-	local global = module:context("*");
-	local parent = module:context(module.host:match("%.(.*)$"));
+	local modhost = module.host;
+	local parent = modhost:match("%.(.*)$");
 
-	local parent_ssl = parent:get_option("ssl");
-	local host_ssl   = module:get_option("ssl", parent_ssl);
+	local parent_ssl = rawgetopt(parent,  "ssl") or NULL;
+	local host_ssl   = rawgetopt(modhost, "ssl") or parent_ssl;
 
-	local global_c2s = global:get_option("c2s_ssl", NULL);
-	local parent_c2s = parent:get_option("c2s_ssl", NULL);
-	local host_c2s   = module:get_option("c2s_ssl", parent_c2s);
+	local global_c2s = rawgetopt("*",     "c2s_ssl") or NULL;
+	local parent_c2s = rawgetopt(parent,  "c2s_ssl") or NULL;
+	local host_c2s   = rawgetopt(modhost, "c2s_ssl") or parent_c2s;
 
-	local global_s2s = global:get_option("s2s_ssl", NULL);
-	local parent_s2s = parent:get_option("s2s_ssl", NULL);
-	local host_s2s   = module:get_option("s2s_ssl", parent_s2s);
+	local global_s2s = rawgetopt("*",     "s2s_ssl") or NULL;
+	local parent_s2s = rawgetopt(parent,  "s2s_ssl") or NULL;
+	local host_s2s   = rawgetopt(modhost, "s2s_ssl") or parent_s2s;
 
 	ssl_ctx_c2s, err, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
 	if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err); end
@@ -61,7 +62,7 @@ do
 end
 
 local function can_do_tls(session)
-	if not session.conn.starttls then
+	if session.ssl_ctx == false or not session.conn.starttls then
 		return false;
 	elseif session.ssl_ctx then
 		return true;