author | Kim Alvefur <zash@zash.se> | 2017-01-27 12:21:09 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2017-01-27 12:21:09 +0100 |
commit | 8ee33e543a323a86867e28a68be8c2c542f261c3 (patch) | |
tree | d91895570e98cb55c4238a6ab9f3521ae997d068 | |
parent | e18117b8f9bffb05582ff610f0bd011d54a94c33 (diff) | |
mod_tls: Check that connection has starttls method first to prevent offering starttls over tls (thanks Remko and Tobias)
-rw-r--r-- | plugins/mod_tls.lua | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index c5903b61..2b265032 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -62,10 +62,10 @@ do
 end
 
 local function can_do_tls(session)
- if session.ssl_ctx ~= nil then
- return session.ssl_ctx;
- elseif not session.conn.starttls then
+ if not session.conn.starttls then
 return false;
+ elseif session.ssl_ctx ~= nil then
+ return session.ssl_ctx;
 end
 if session.type == "c2s_unauthed" then
 session.ssl_ctx = ssl_ctx_c2s; |
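Review bot: The reordered guard at the top of `can_do_tls` has no comment saying why the `session.conn.starttls` test must come before the cached `session.ssl_ctx` return, so a later tidy-up could swap the branches back and advertise STARTTLS on a stream that is already encrypted. I would add `-- Must stay first: session.ssl_ctx remains cached after the upgrade, so only conn.starttls tells us whether TLS can still be negotiated` directly above the `if`. Separately, every call now indexes `session.conn` before anything else, whereas a session with a cached context previously returned without touching it. If any caller can reach this function after the connection has been torn down (not visible from this hunk), `if not (session.conn and session.conn.starttls) then` would avoid an error there. The function body continues past the end of the hunk.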