s2smanager: Make require_s2s_encryption do what it says on the tin

author: Matthew Wild <mwild1@gmail.com> 2010-01-30 16:42:27 +0000
committer: Matthew Wild <mwild1@gmail.com> 2010-01-30 16:42:27 +0000
commit: 4a7e2575df44bf558655f18a482ea240fb9e8cf1 (patch)
tree: 27be5d45ef70457bd168f184287926190844c518 /core/s2smanager.lua
parent: 2c384fccc25d6ced56dfd53e55a8a9c0efc2998a (diff)
download: prosody-4a7e2575df44bf558655f18a482ea240fb9e8cf1.tar.gz
prosody-4a7e2575df44bf558655f18a482ea240fb9e8cf1.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/core/s2smanager.lua b/core/s2smanager.lua
index 396c41cc..a8ee04f9 100644
--- a/core/s2smanager.lua
+++ b/core/s2smanager.lua
@@ -453,6 +453,16 @@ function verify_dialback(id, to, from, key)
 end
 
 function make_authenticated(session, host)
+	if not session.secure then
+		local local_host = session.direction == "incoming" and session.to_host or session.from_host;
+		if config.get(local_host, "core", "require_s2s_encryption")) then
+			session:close({
+				condition = "policy-violation",
+				text = "Encrypted server-to-server communication is required but was not "
+				       ..((session.direction == "outgoing" and "offered") or "used")
+			});
+		end
+	end
 	if session.type == "s2sout_unauthed" then
 		session.type = "s2sout";
 	elseif session.type == "s2sin_unauthed" then
author	Matthew Wild <mwild1@gmail.com>	2010-01-30 16:42:27 +0000
committer	Matthew Wild <mwild1@gmail.com>	2010-01-30 16:42:27 +0000
commit	4a7e2575df44bf558655f18a482ea240fb9e8cf1 (patch)
tree	27be5d45ef70457bd168f184287926190844c518 /core/s2smanager.lua
parent	2c384fccc25d6ced56dfd53e55a8a9c0efc2998a (diff)
download	prosody-4a7e2575df44bf558655f18a482ea240fb9e8cf1.tar.gz prosody-4a7e2575df44bf558655f18a482ea240fb9e8cf1.zip