aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2017-01-27 12:21:09 +0100
committerKim Alvefur <zash@zash.se>2017-01-27 12:21:09 +0100
commitc8b213ff4f88ac6c0d21e58669d399d12f82c5b8 (patch)
treed91895570e98cb55c4238a6ab9f3521ae997d068
parenta67d0bfb97f2c2e0b2cd7a303accd70c95911275 (diff)
downloadprosody-c8b213ff4f88ac6c0d21e58669d399d12f82c5b8.tar.gz
prosody-c8b213ff4f88ac6c0d21e58669d399d12f82c5b8.zip
mod_tls: Check that connection has starttls method first to prevent offering starttls over tls (thanks Remko and Tobias)
-rw-r--r--plugins/mod_tls.lua6
1 files changed, 3 insertions, 3 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index c5903b61..2b265032 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -62,10 +62,10 @@ do
end
local function can_do_tls(session)
- if session.ssl_ctx ~= nil then
- return session.ssl_ctx;
- elseif not session.conn.starttls then
+ if not session.conn.starttls then
return false;
+ elseif session.ssl_ctx ~= nil then
+ return session.ssl_ctx;
end
if session.type == "c2s_unauthed" then
session.ssl_ctx = ssl_ctx_c2s;