mod_tls: Only negotiate TLS on outgoing s2s connections if we have an SSL context...
authorMatthew Wild <mwild1@gmail.com>
Tue, 16 Feb 2010 17:15:43 +0000 (17:15 +0000)
committerMatthew Wild <mwild1@gmail.com>
Tue, 16 Feb 2010 17:15:43 +0000 (17:15 +0000)
plugins/mod_tls.lua

index 1a00c36e06736a2f877355f7e7e119c352741c05..7aee29219cac32b41264888478c4796623867f37 100644 (file)
@@ -29,6 +29,8 @@ local function can_do_tls(session)
                return session.conn.starttls and host.ssl_ctx_in;
        elseif session.type == "s2sin_unauthed" then
                return session.conn.starttls and host.ssl_ctx_in;
+       elseif session.direction == "outgoing" then
+               return session.conn.starttls and host.ssl_ctx;
        end
        return false;
 end
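Review bot: The new `outgoing` branch reads `host.ssl_ctx` while the two incoming branches above it read `host.ssl_ctx_in`, and nothing in the hunk records why the two contexts differ, which is the security-relevant part of the change; a one-line comment on the new branch would carry that: `-- outgoing s2s uses the client-side context (ssl_ctx), not the server-side one (ssl_ctx_in)`. The `host` value is resolved above the hunk, so it cannot be confirmed here that it is the local (from_host) configuration for an outgoing session; if it were looked up by the remote host instead, this branch would return another host's context or raise on a nil `host`. can_do_tls begins before the hunk.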
@@ -69,7 +71,7 @@ end);
 -- For s2sout connections, start TLS if we can
 module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza)
        module:log("debug", "Received features element");
-       if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then
+       if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then
                module:log("%s is offering TLS, taking up the offer...", session.to_host);
                session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>");
                return true;
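Review bot: The log call directly under the new condition passes the format string as the first argument, whereas the call two lines above it passes a level (`"debug"`) first; if module:log takes the level first, as that call suggests, this line logs `session.to_host` at a level named by the format string, and the hostname never appears in the message. The line should read `module:log("debug", "%s is offering TLS, taking up the offer...", session.to_host);`. The change to use can_do_tls on the preceding line is the right consistency fix, since it now refuses to send `<starttls/>` when no outgoing context exists. The handler body continues past the end of the hunk.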