aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2022-01-25 13:20:26 +0100
committerKim Alvefur <zash@zash.se>2022-01-25 13:20:26 +0100
commitc0be43a098730e9413e77bc2e8e7b8678eae7712 (patch)
tree7017c9de2c1a103ea682aab6224583c735b44d2b
parent7a706aecec8f2508ef13aed9e4ed7d55bcf7d3d0 (diff)
downloadprosody-c0be43a098730e9413e77bc2e8e7b8678eae7712.tar.gz
prosody-c0be43a098730e9413e77bc2e8e7b8678eae7712.zip
mod_tls: Set ALPN on outgoing connections
Relevant and sometimes needed for Direct TLS which mod_s2s uses this context for. Primarily when e.g. mod_net_multiplex or equivalent ALPN based dispatch is used. All these contexts should likely move away from mod_tls and into either mod_s2s or portmanager. The later already duplicates some of this work.
-rw-r--r--plugins/mod_tls.lua3
1 files changed, 2 insertions, 1 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index f62032b6..9b80486a 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -55,13 +55,14 @@ function module.load(reload)
module:log("debug", "Creating context for c2s");
local request_client_certs = { verify = { "peer", "client_once", }; };
+ local xmpp_alpn = { alpn = "xmpp-server" };
ssl_ctx_c2s, err_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err_c2s); end
module:log("debug", "Creating context for s2sout");
-- for outgoing server connections
- ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, request_client_certs);
+ ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, request_client_certs, xmpp_alpn);
if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end
module:log("debug", "Creating context for s2sin");