mod_tls: Let s2s_secure_auth override s2s_require_encryption and warn if they differ

author Kim Alvefur <zash@zash.se>

Wed, 15 Jan 2014 21:47:50 +0000 (22:47 +0100)

committer Kim Alvefur <zash@zash.se>

Wed, 15 Jan 2014 21:47:50 +0000 (22:47 +0100)
author Kim Alvefur <zash@zash.se>
Wed, 15 Jan 2014 21:47:50 +0000 (22:47 +0100)
committer Kim Alvefur <zash@zash.se>
Wed, 15 Jan 2014 21:47:50 +0000 (22:47 +0100)
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua

index 6db02c2c1b231dce87338d24065d0eaaaec7fae8..2741b8d401f04a1ebee22a66a543b96ae3cb058a 100644 (file)
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -13,6 +13,12 @@ local st = require "util.stanza";
  local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
  local s2s_require_encryption = module:get_option("s2s_require_encryption");
  local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false;
+local s2s_secure_auth = module:get_option("s2s_secure_auth");
+
+if s2s_secure_auth and s2s_require_encryption == false then
+       module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false");
+       s2s_require_encryption = true;
+end
  
  local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls';
  local starttls_attr = { xmlns = xmlns_starttls };
author	Kim Alvefur <zash@zash.se>
	Wed, 15 Jan 2014 21:47:50 +0000 (22:47 +0100)
committer	Kim Alvefur <zash@zash.se>
	Wed, 15 Jan 2014 21:47:50 +0000 (22:47 +0100)