X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_tls.lua;h=69aafe82d90043e540ac9964d03862a6dea44653;hb=873005c41b407731d759be423c51cb251346c0ae;hp=f9d2cee99af4c40ea574ca968df7c747e3d741c5;hpb=0ee742019c5a7a86de6fbaf98db2c737c5ce41a9;p=prosody.git diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index f9d2cee9..69aafe82 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -7,6 +7,7 @@ -- local create_context = require "core.certmanager".create_context; +local rawgetopt = require"core.configmanager".rawget; local st = require "util.stanza"; local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption")); @@ -21,6 +22,7 @@ end local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; local starttls_attr = { xmlns = xmlns_starttls }; +local starttls_initiate= st.stanza("starttls", starttls_attr); local starttls_proceed = st.stanza("proceed", starttls_attr); local starttls_failure = st.stanza("failure", starttls_attr); local c2s_feature = st.stanza("starttls", starttls_attr); @@ -35,19 +37,19 @@ local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin; local ssl_cfg_c2s, ssl_cfg_s2sout, ssl_cfg_s2sin; do local NULL, err = {}; - local global = module:context("*"); - local parent = module:context(module.host:match("%.(.*)$")); + local modhost = module.host; + local parent = modhost:match("%.(.*)$"); - local parent_ssl = parent:get_option("ssl"); - local host_ssl = module:get_option("ssl", parent_ssl); + local parent_ssl = rawgetopt(parent, "ssl") or NULL; + local host_ssl = rawgetopt(modhost, "ssl") or parent_ssl; - local global_c2s = global:get_option("c2s_ssl", NULL); - local parent_c2s = parent:get_option("c2s_ssl", NULL); - local host_c2s = module:get_option("c2s_ssl", parent_c2s); + local global_c2s = rawgetopt("*", "c2s_ssl") or NULL; + local parent_c2s = rawgetopt(parent, "c2s_ssl") or NULL; + local host_c2s = rawgetopt(modhost, "c2s_ssl") or parent_c2s; - local global_s2s = global:get_option("s2s_ssl", NULL); - local parent_s2s = parent:get_option("s2s_ssl", NULL); - local host_s2s = module:get_option("s2s_ssl", parent_s2s); + local global_s2s = rawgetopt("*", "s2s_ssl") or NULL; + local parent_s2s = rawgetopt(parent, "s2s_ssl") or NULL; + local host_s2s = rawgetopt(modhost, "s2s_ssl") or parent_s2s; ssl_ctx_c2s, err, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err); end @@ -60,7 +62,7 @@ do end local function can_do_tls(session) - if not session.conn.starttls then + if session.ssl_ctx == false or not session.conn.starttls then return false; elseif session.ssl_ctx then return true; @@ -116,7 +118,7 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses module:log("debug", "Received features element"); if can_do_tls(session) and stanza:get_child("starttls", xmlns_starttls) then module:log("debug", "%s is offering TLS, taking up the offer...", session.to_host); - session.sends2s(""); + session.sends2s(starttls_initiate); return true; end end, 500);