aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2017-01-23 10:45:20 +0100
committerKim Alvefur <zash@zash.se>2017-01-23 10:45:20 +0100
commita7a8fa91e375d04d694b3c559c526cd78a7fb820 (patch)
treecc3a22c09d58b7ecfa4708c2cf96ef25e97a4ae1
parent8bcfc383748488c26c854a034db42c9e31674823 (diff)
downloadprosody-a7a8fa91e375d04d694b3c559c526cd78a7fb820.tar.gz
prosody-a7a8fa91e375d04d694b3c559c526cd78a7fb820.zip
mod_tls: Only accept <proceed> on outgoing s2s connections
-rw-r--r--plugins/mod_tls.lua12
1 files changed, 7 insertions, 5 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 7eedb083..d9593b4c 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -124,9 +124,11 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses
end, 500);
module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza
- module:log("debug", "Proceeding with TLS on s2sout...");
- session:reset_stream();
- session.conn:starttls(session.ssl_ctx);
- session.secure = false;
- return true;
+ if session.type == "s2sout_unauthed" then
+ module:log("debug", "Proceeding with TLS on s2sout...");
+ session:reset_stream();
+ session.conn:starttls(session.ssl_ctx);
+ session.secure = false;
+ return true;
+ end
end);