mod_tls: Check that connection has starttls method first to prevent offering starttls over tls (thanks Remko and Tobias)

author: Kim Alvefur <zash@zash.se> 2017-01-27 12:21:09 +0100
committer: Kim Alvefur <zash@zash.se> 2017-01-27 12:21:09 +0100
commit: c8b213ff4f88ac6c0d21e58669d399d12f82c5b8 (patch)
tree: d91895570e98cb55c4238a6ab9f3521ae997d068
parent: a67d0bfb97f2c2e0b2cd7a303accd70c95911275 (diff)
download: prosody-c8b213ff4f88ac6c0d21e58669d399d12f82c5b8.tar.gz
prosody-c8b213ff4f88ac6c0d21e58669d399d12f82c5b8.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index c5903b61..2b265032 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -62,10 +62,10 @@ do
 end
 
 local function can_do_tls(session)
-	if session.ssl_ctx ~= nil then
-		return session.ssl_ctx;
-	elseif not session.conn.starttls then
+	if not session.conn.starttls then
 		return false;
+	elseif session.ssl_ctx ~= nil then
+		return session.ssl_ctx;
 	end
 	if session.type == "c2s_unauthed" then
 		session.ssl_ctx = ssl_ctx_c2s;
author	Kim Alvefur <zash@zash.se>	2017-01-27 12:21:09 +0100
committer	Kim Alvefur <zash@zash.se>	2017-01-27 12:21:09 +0100
commit	c8b213ff4f88ac6c0d21e58669d399d12f82c5b8 (patch)
tree	d91895570e98cb55c4238a6ab9f3521ae997d068
parent	a67d0bfb97f2c2e0b2cd7a303accd70c95911275 (diff)
download	prosody-c8b213ff4f88ac6c0d21e58669d399d12f82c5b8.tar.gz prosody-c8b213ff4f88ac6c0d21e58669d399d12f82c5b8.zip