| side by side (parent:
03a3399
)
mod_tls: Respond with proper error when TLS cannot be negotiated.
author
Waqas Hussain
<waqas20@gmail.com>
Thu, 11 Feb 2010 21:39:50 +0000
(
02:39
+0500)
committer
Waqas Hussain
<waqas20@gmail.com>
Thu, 11 Feb 2010 21:39:50 +0000
(
02:39
+0500)
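--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -20,14 +20,15 @@ module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
 session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
 session:reset_stream();
 if session.host and hosts[session.host].ssl_ctx_in then
- session.conn:set_sslctx(hosts[session.host].ssl_ctx_in);
+ session.conn.set_sslctx(hosts[session.host].ssl_ctx_in);
 end
- session.conn:starttls();
+ session.conn.starttls();
 session.log("info", "TLS negotiation started...");
 session.secure = false;
 else
- -- FIXME: What reply?
 session.log("warn", "Attempt to start TLS, but TLS is not available on this connection");
+ (session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls }));
+ session:close();
 end
 end);
@@ -37,14 +38,15 @@ module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
 session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls }));
 session:reset_stream();
 if session.to_host and hosts[session.to_host].ssl_ctx_in then
- session.conn:set_sslctx(hosts[session.to_host].ssl_ctx_in);
+ session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in);
 end
- session.conn:starttls();
+ session.conn.starttls();
 session.log("info", "TLS negotiation started for incoming s2s...");
 session.secure = false;
 else
- -- FIXME: What reply?
 session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection");
+ (session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls }));
+ session:close();
 end
 end);
@@ -91,7 +93,7 @@ module:hook_stanza(xmlns_starttls, "proceed",
 module:log("debug", "Proceeding with TLS on s2sout...");
 local format, to_host, from_host = string.format, session.to_host, session.from_host;
 session:reset_stream();
- session.conn:starttls(true);
+ session.conn.starttls(true);
 session.secure = false;
 return true;
 end);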
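Review bot: The change from `session.conn:starttls()` / `session.conn:set_sslctx(...)` to dot calls, made in all three hunks, is not covered by the commit message and carries no comment, so a reader cannot tell that dropping the receiver is intentional. These calls run after `<proceed/>` has already been sent, so if a connection implementation expected `self` the failure would surface mid-negotiation; a short comment above the first call, e.g. `-- conn functions take no self argument; call with '.'`, would record the assumption. In the two failure branches the same pair of lines is repeated, and the `session.sends2s or session.send` fallback differs from the success paths, which call `session.send` and `session.sends2s` directly; a small local helper shared by both handlers would keep the `<failure/>` reply and `session:close()` from drifting apart. The handlers begin before each hunk, so the condition that selects the `else` branch is not visible here.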