From 7c81b7c155b58cdcbaad774f263e577a00f8c19d Mon Sep 17 00:00:00 2001
From: Waqas Hussain <waqas20@gmail.com>
Date: Wed, 10 Feb 2010 01:36:22 +0500
Subject: [PATCH] mod_tls: Don't advertise TLS after authentication.

---
 plugins/mod_tls.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 73b5ae09..7153e48a 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -50,7 +50,7 @@ module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
 local starttls_attr = { xmlns = xmlns_starttls };
 module:add_event_hook("stream-features", 
 		function (session, features)
-			if session.conn.starttls then
+			if not session.username and session.conn.starttls then
 				features:tag("starttls", starttls_attr);
 				if secure_auth_only then
 					features:tag("required"):up():up();
@@ -63,7 +63,7 @@ module:add_event_hook("stream-features",
 module:hook("s2s-stream-features", 
 		function (data)
 			local session, features = data.session, data.features;
-			if session.to_host and session.conn.starttls then
+			if session.to_host and session.type ~= "s2sin" and session.conn.starttls then
 				features:tag("starttls", starttls_attr):up();
 				if secure_s2s_only then
 					features:tag("required"):up():up();
-- 
2.30.2