diff options
author | Matthew Wild <mwild1@gmail.com> | 2010-02-16 17:15:43 +0000 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2010-02-16 17:15:43 +0000 |
commit | 8a18a4cc28227ac11095aa00377540b6b9e61978 (patch) | |
tree | cd048710d261efe61632f996e4d4584af4cd9e8d | |
parent | 597eb290d4d114bfd8bf24b0947de1fba66b17e8 (diff) | |
download | prosody-8a18a4cc28227ac11095aa00377540b6b9e61978.tar.gz prosody-8a18a4cc28227ac11095aa00377540b6b9e61978.zip |
mod_tls: Only negotiate TLS on outgoing s2s connections if we have an SSL context (thanks Flo...)
-rw-r--r-- | plugins/mod_tls.lua | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 1a00c36e..7aee2921 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -29,6 +29,8 @@ local function can_do_tls(session) return session.conn.starttls and host.ssl_ctx_in; elseif session.type == "s2sin_unauthed" then return session.conn.starttls and host.ssl_ctx_in; + elseif session.direction == "outgoing" then + return session.conn.starttls and host.ssl_ctx; end return false; end @@ -69,7 +71,7 @@ end); -- For s2sout connections, start TLS if we can module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) module:log("debug", "Received features element"); - if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then + if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then module:log("%s is offering TLS, taking up the offer...", session.to_host); session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); return true; |