aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2017-01-23 10:45:20 +0100
committerKim Alvefur <zash@zash.se>2017-01-23 10:45:20 +0100
commit31ac4804c2c3c6b12c53d64044a9cb7f6666314c (patch)
treecc3a22c09d58b7ecfa4708c2cf96ef25e97a4ae1
parent11d31ff179d06a1d981956286b2c3b6b0d45e75a (diff)
downloadprosody-31ac4804c2c3c6b12c53d64044a9cb7f6666314c.tar.gz
prosody-31ac4804c2c3c6b12c53d64044a9cb7f6666314c.zip
mod_tls: Only accept <proceed> on outgoing s2s connections
-rw-r--r--plugins/mod_tls.lua12
1 files changed, 7 insertions, 5 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 7eedb083..d9593b4c 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -124,9 +124,11 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses
end, 500);
module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
- module:log("debug", "Proceeding with TLS on s2sout...");
- session:reset_stream();
- session.conn:starttls(session.ssl_ctx);
- session.secure = false;
- return true;
+ if session.type == "s2sout_unauthed" then
+ module:log("debug", "Proceeding with TLS on s2sout...");
+ session:reset_stream();
+ session.conn:starttls(session.ssl_ctx);
+ session.secure = false;
+ return true;
+ end
end);