aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2010-01-30 16:42:27 +0000
committerMatthew Wild <mwild1@gmail.com>2010-01-30 16:42:27 +0000
commitd169b18350f21065da6455a51185759c356019c5 (patch)
treefc85e42a73a2915f65691d3f1f39392dbcf1b979
parentc9740f1fcf80ed25c1ab18bfba990c6d4fbe6b15 (diff)
downloadprosody-d169b18350f21065da6455a51185759c356019c5.tar.gz
prosody-d169b18350f21065da6455a51185759c356019c5.zip
s2smanager: Make require_s2s_encryption do what it says on the tin
-rw-r--r--core/s2smanager.lua10
1 files changed, 10 insertions, 0 deletions
diff --git a/core/s2smanager.lua b/core/s2smanager.lua
index 40fd6795..c9a26e04 100644
--- a/core/s2smanager.lua
+++ b/core/s2smanager.lua
@@ -449,6 +449,16 @@ function verify_dialback(id, to, from, key)
end
function make_authenticated(session, host)
+ if not session.secure then
+ local local_host = session.direction == "incoming" and session.to_host or session.from_host;
+ if config.get(local_host, "core", "require_s2s_encryption")) then
+ session:close({
+ condition = "policy-violation",
+ text = "Encrypted server-to-server communication is required but was not "
+ ..((session.direction == "outgoing" and "offered") or "used")
+ });
+ end
+ end
if session.type == "s2sout_unauthed" then
session.type = "s2sout";
elseif session.type == "s2sin_unauthed" then