X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=plugins%2Fmod_tls.lua;h=f9d2cee99af4c40ea574ca968df7c747e3d741c5;hb=49f770653e6d1076c0cf4b8ebc6a578976baf321;hp=351aaffc9708ead631446118096334067e0a2f4d;hpb=ab718027e48561e55f69ae2551c07e6e277a6e6a;p=prosody.git

diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 351aaffc..f9d2cee9 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -9,7 +9,7 @@
 local create_context = require "core.certmanager".create_context;
 local st = require "util.stanza";
 
-local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
+local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption"));
 local s2s_require_encryption = module:get_option("s2s_require_encryption");
 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false;
 local s2s_secure_auth = module:get_option("s2s_secure_auth");
@@ -32,6 +32,7 @@ local hosts = prosody.hosts;
 local host = hosts[module.host];
 
 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
+local ssl_cfg_c2s, ssl_cfg_s2sout, ssl_cfg_s2sin;
 do
 	local NULL, err = {};
 	local global = module:context("*");
@@ -48,12 +49,14 @@ do
 	local parent_s2s = parent:get_option("s2s_ssl", NULL);
 	local host_s2s   = module:get_option("s2s_ssl", parent_s2s);
 
-	ssl_ctx_c2s, err = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
-	if err then module:log("error", "Error creating context for c2s: %s", err); end
+	ssl_ctx_c2s, err, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
+	if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err); end
 
-	ssl_ctx_s2sin, err = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
-	ssl_ctx_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
-	if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue
+	ssl_ctx_s2sout, err, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
+	if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err); end
+
+	ssl_ctx_s2sin, err, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
+	if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err); end
 end
 
 local function can_do_tls(session)
@@ -64,10 +67,13 @@ local function can_do_tls(session)
 	end
 	if session.type == "c2s_unauthed" then
 		session.ssl_ctx = ssl_ctx_c2s;
+		session.ssl_cfg = ssl_cfg_c2s;
 	elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
 		session.ssl_ctx = ssl_ctx_s2sin;
+		session.ssl_cfg = ssl_cfg_s2sin;
 	elseif session.direction == "outgoing" and allow_s2s_tls then
 		session.ssl_ctx = ssl_ctx_s2sout;
+		session.ssl_cfg = ssl_cfg_s2sout;
 	else
 		return false;
 	end