From: Matthew Wild <mwild1@gmail.com>
Date: Sat, 17 Oct 2009 15:25:28 +0000 (+0100)
Subject: mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connect... 
X-Git-Url: https://git.enpas.org/?a=commitdiff_plain;h=68559169a08b07d7e52c72571231cdee564c1b62;p=prosody.git

mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) )
---

diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 79a74deb..8a450803 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -19,6 +19,9 @@ module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
 			if session.conn.starttls then
 				session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
 				session:reset_stream();
+				if session.host and hosts[session.host].ssl_ctx_in then
+					session.conn.set_sslctx(hosts[session.host].ssl_ctx_in);
+				end
 				session.conn.starttls();
 				session.log("info", "TLS negotiation started...");
 				session.secure = false;
@@ -33,6 +36,9 @@ module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
 			if session.conn.starttls then
 				session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls }));
 				session:reset_stream();
+				if session.to_host and hosts[session.to_host].ssl_ctx_in then
+					session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in);
+				end
 				session.conn.starttls();
 				session.log("info", "TLS negotiation started for incoming s2s...");
 				session.secure = false;