diff options
author | Kim Alvefur <zash@zash.se> | 2017-01-23 10:45:20 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2017-01-23 10:45:20 +0100 |
commit | a7a8fa91e375d04d694b3c559c526cd78a7fb820 (patch) | |
tree | cc3a22c09d58b7ecfa4708c2cf96ef25e97a4ae1 | |
parent | 8bcfc383748488c26c854a034db42c9e31674823 (diff) | |
download | prosody-a7a8fa91e375d04d694b3c559c526cd78a7fb820.tar.gz prosody-a7a8fa91e375d04d694b3c559c526cd78a7fb820.zip |
mod_tls: Only accept <proceed> on outgoing s2s connections
-rw-r--r-- | plugins/mod_tls.lua | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 7eedb083..d9593b4c 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -124,9 +124,11 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses end, 500); module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza - module:log("debug", "Proceeding with TLS on s2sout..."); - session:reset_stream(); - session.conn:starttls(session.ssl_ctx); - session.secure = false; - return true; + if session.type == "s2sout_unauthed" then + module:log("debug", "Proceeding with TLS on s2sout..."); + session:reset_stream(); + session.conn:starttls(session.ssl_ctx); + session.secure = false; + return true; + end end); |