author | Kim Alvefur <zash@zash.se> | 2017-01-23 10:45:20 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2017-01-23 10:45:20 +0100 |
commit | 31ac4804c2c3c6b12c53d64044a9cb7f6666314c (patch) | |
tree | cc3a22c09d58b7ecfa4708c2cf96ef25e97a4ae1 | |
parent | 11d31ff179d06a1d981956286b2c3b6b0d45e75a (diff) | |
mod_tls: Only accept <proceed> on outgoing s2s connections
-rw-r--r-- | plugins/mod_tls.lua | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 7eedb083..d9593b4c 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -124,9 +124,11 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses
 end, 500);
 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
- module:log("debug", "Proceeding with TLS on s2sout...");
- session:reset_stream();
- session.conn:starttls(session.ssl_ctx);
- session.secure = false;
- return true;
+ if session.type == "s2sout_unauthed" then
+ module:log("debug", "Proceeding with TLS on s2sout...");
+ session:reset_stream();
+ session.conn:starttls(session.ssl_ctx);
+ session.secure = false;
+ return true;
+ end
 end); |
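Review bot: The new `session.type == "s2sout_unauthed"` guard has no `else` branch, so a `<proceed/>` arriving on any other session type falls out of the handler with no return value and no log entry. An unsolicited `<proceed/>` on a client or incoming s2s stream is a protocol violation worth recording, e.g. `else module:log("warn", "Ignoring unexpected <proceed/> on %s session", tostring(session.type));`, and a one-line comment above the `if` should say that only an outgoing, not-yet-authenticated s2s stream can legitimately receive this element. What happens to the stanza after the handler returns nil is decided outside this hunk, so confirm it is rejected rather than passed on. The guard also does not check that this side actually sent `<starttls/>` or that `session.ssl_ctx` is set before calling `session.conn:starttls(session.ssl_ctx)`; whether it can be nil at this point is not visible in the hunk.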