X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_tls.lua;h=79a74deb2d5e31343cfd33ca0de246dad7958fa9;hb=863f00a39e9e9a50569b3390c5bc16f27c4e88ea;hp=cce6e537629e66e7e979960df2ba50edd78423da;hpb=4558eaa6e8e0c22c5519a746e930343b0f701f5a;p=prosody.git diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index cce6e537..79a74deb 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -12,7 +12,7 @@ local xmlns_stream = 'http://etherx.jabber.org/streams'; local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); -local secure_s2s_only = module:get_option("require_s2s_encryption"); +local secure_s2s_only = module:get_option("s2s_require_encryption"); module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, function (session, stanza) @@ -56,11 +56,10 @@ module:add_event_hook("stream-features", end end); -module:add_event_hook("s2s-stream-features", - function (session, features) - -- This hook is possibly called once per host (at least if the - -- remote server does not specify a to/from. - if session.to_host and session.conn.starttls and not features:child_with_ns(xmlns_starttls) then +module:hook("s2s-stream-features", + function (data) + local session, features = data.session, data.features; + if session.to_host and session.conn.starttls then features:tag("starttls", starttls_attr):up(); if secure_s2s_only then features:tag("required"):up():up(); @@ -74,7 +73,7 @@ module:add_event_hook("s2s-stream-features", module:hook_stanza(xmlns_stream, "features", function (session, stanza) module:log("debug", "Received features element"); - if stanza:child_with_ns(xmlns_starttls) then + if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then module:log("%s is offering TLS, taking up the offer...", session.to_host); session.sends2s(""); return true; @@ -87,5 +86,6 @@ module:hook_stanza(xmlns_starttls, "proceed", local format, to_host, from_host = string.format, session.to_host, session.from_host; session:reset_stream(); session.conn.starttls(true); + session.secure = false; return true; end);