projects / prosody.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 03a3399)
mod_tls: Respond with proper error when TLS cannot be negotiated.
authorWaqas Hussain <waqas20@gmail.com>
Thu, 11 Feb 2010 21:39:50 +0000 (02:39 +0500)
committerWaqas Hussain <waqas20@gmail.com>
Thu, 11 Feb 2010 21:39:50 +0000 (02:39 +0500)
plugins/mod_tls.lua patch | blob | history

diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 706b42c948429d279b48220e7f570f9402bda0f8..fb1433dac1e695106b1aefaed7d4893e6b9c7828 100644 (file)
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -20,14 +20,15 @@ module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
                                session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
                                session:reset_stream();
                                if session.host and hosts[session.host].ssl_ctx_in then
-                                       session.conn:set_sslctx(hosts[session.host].ssl_ctx_in);
+                                       session.conn.set_sslctx(hosts[session.host].ssl_ctx_in);
                                end
-                               session.conn:starttls();
+                               session.conn.starttls();
                                session.log("info", "TLS negotiation started...");
                                session.secure = false;
                        else
-                               -- FIXME: What reply?
                                session.log("warn", "Attempt to start TLS, but TLS is not available on this connection");
+                               (session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls }));
+                               session:close();
                        end
                end);
                
@@ -37,14 +38,15 @@ module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
                                session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls }));
                                session:reset_stream();
                                if session.to_host and hosts[session.to_host].ssl_ctx_in then
-                                       session.conn:set_sslctx(hosts[session.to_host].ssl_ctx_in);
+                                       session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in);
                                end
-                               session.conn:starttls();
+                               session.conn.starttls();
                                session.log("info", "TLS negotiation started for incoming s2s...");
                                session.secure = false;
                        else
-                               -- FIXME: What reply?
                                session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection");
+                               (session.sends2s or session.send)(st.stanza("failure", { xmlns = xmlns_starttls }));
+                               session:close();
                        end
                end);
 
@@ -91,7 +93,7 @@ module:hook_stanza(xmlns_starttls, "proceed",
                        module:log("debug", "Proceeding with TLS on s2sout...");
                        local format, to_host, from_host = string.format, session.to_host, session.from_host;
                        session:reset_stream();
-                       session.conn:starttls(true);
+                       session.conn.starttls(true);
                        session.secure = false;
                        return true;
                end);