aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2010-02-16 17:15:43 +0000
committerMatthew Wild <mwild1@gmail.com>2010-02-16 17:15:43 +0000
commit8a18a4cc28227ac11095aa00377540b6b9e61978 (patch)
treecd048710d261efe61632f996e4d4584af4cd9e8d
parent597eb290d4d114bfd8bf24b0947de1fba66b17e8 (diff)
downloadprosody-8a18a4cc28227ac11095aa00377540b6b9e61978.tar.gz
prosody-8a18a4cc28227ac11095aa00377540b6b9e61978.zip
mod_tls: Only negotiate TLS on outgoing s2s connections if we have an SSL context (thanks Flo...)
-rw-r--r--plugins/mod_tls.lua4
1 files changed, 3 insertions, 1 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 1a00c36e..7aee2921 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -29,6 +29,8 @@ local function can_do_tls(session)
return session.conn.starttls and host.ssl_ctx_in;
elseif session.type == "s2sin_unauthed" then
return session.conn.starttls and host.ssl_ctx_in;
+ elseif session.direction == "outgoing" then
+ return session.conn.starttls and host.ssl_ctx;
end
return false;
end
@@ -69,7 +71,7 @@ end);
-- For s2sout connections, start TLS if we can
module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza)
module:log("debug", "Received features element");
- if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then
+ if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then
module:log("%s is offering TLS, taking up the offer...", session.to_host);
session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>");
return true;