authorKim Alvefur <zash@zash.se>2021-10-05 19:56:36 +0200
committerKim Alvefur <zash@zash.se>2021-10-05 19:56:36 +0200
commit14c6c3dbf063a449a7020fd716ab4012059562b8 (patch)
tree526e72a4222ba079adf4d8cdbff2d8b33c812ae1 /net
parent711e09fb5067101461c66d762e3dae9bb29845fa (diff)
net.server_epoll: Prevent starttls on direct TLS connections
This is not a pretty way to signal this... but it is the current API. interface:inittls() is a new code path which did not go past the point in interface:starttls() where it set starttls to false, leading mod_tls to offer starttls on direct TLS connections. Thanks Martin for discovering.
Diffstat (limited to 'net')
-rw-r--r--net/server_epoll.lua1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/server_epoll.lua b/net/server_epoll.lua
index 89b6ffe9..e4fea5c1 100644
--- a/net/server_epoll.lua
+++ b/net/server_epoll.lua
@@ -634,6 +634,7 @@ function interface:inittls(tls_ctx, now)
if self._tls then return end
if tls_ctx then self.tls_ctx = tls_ctx; end
self._tls = true;
+ self.starttls = false;
self:debug("Starting TLS now");
self:updatenames(); -- Can't getpeer/sockname after wrap()
local ok, conn, err = pcall(luasec.wrap, self.conn, self.tls_ctx);
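Review bot: The added `self.starttls = false;` in inittls() carries no comment, and its meaning cannot be read from the line itself. Per the commit message it is the signal mod_tls uses to decide whether to offer STARTTLS, and it presumably shadows the interface:starttls() method on this instance. I would add a comment next to it, for example `-- false tells mod_tls that TLS is already being set up here, so STARTTLS must not be offered`. The flag is set before the result of `pcall(luasec.wrap, ...)` is known and the failure handling lies outside the hunk, so it is worth confirming that a connection whose wrap fails is closed rather than left in plaintext with starttls disabled. A regression test asserting that a direct TLS listener never advertises STARTTLS would keep the two TLS code paths from drifting apart again.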