diff options
| author | Matthew Wild <mwild1@gmail.com> | 2010-01-30 16:42:27 +0000 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2010-01-30 16:42:27 +0000 |
| commit | d169b18350f21065da6455a51185759c356019c5 (patch) | |
| tree | fc85e42a73a2915f65691d3f1f39392dbcf1b979 /core | |
| parent | c9740f1fcf80ed25c1ab18bfba990c6d4fbe6b15 (diff) | |
| download | prosody-d169b18350f21065da6455a51185759c356019c5.tar.gz prosody-d169b18350f21065da6455a51185759c356019c5.zip | |
s2smanager: Make require_s2s_encryption do what it says on the tin
Diffstat (limited to 'core')
| -rw-r--r-- | core/s2smanager.lua | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 40fd6795..c9a26e04 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -449,6 +449,16 @@ function verify_dialback(id, to, from, key) end function make_authenticated(session, host) + if not session.secure then + local local_host = session.direction == "incoming" and session.to_host or session.from_host; + if config.get(local_host, "core", "require_s2s_encryption")) then + session:close({ + condition = "policy-violation", + text = "Encrypted server-to-server communication is required but was not " + ..((session.direction == "outgoing" and "offered") or "used") + }); + end + end if session.type == "s2sout_unauthed" then session.type = "s2sout"; elseif session.type == "s2sin_unauthed" then |