mod_tls: Record STARTTLS state so it can be shown in Shell

This field can be viewed using s2s:show(nil, "... starttls") even without any special support in mod_admin_shell, which can be added later to make it nicer. One can then assume that a TLS connection with an empty / nil starttls field means Direct TLS.
author: Kim Alvefur <zash@zash.se> 2022-08-02 19:26:26 +0200
committer: Kim Alvefur <zash@zash.se> 2022-08-02 19:26:26 +0200
commit: a2f8218a63e2ebbe04d1a0fc2a235af59c34f515 (patch)
tree: 2e0b4ed511ab01d1f2c10acf9f205a57665e3e3e /plugins/mod_s2s.lua
parent: 79f4868b63ff6385bbc2290ba31361bcb7ce63b5 (diff)
download: prosody-a2f8218a63e2ebbe04d1a0fc2a235af59c34f515.tar.gz
prosody-a2f8218a63e2ebbe04d1a0fc2a235af59c34f515.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index dd585ac7..ac3c8d4f 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -429,7 +429,8 @@ function stream_callbacks._streamopened(session, attr)
 	session.had_stream = true; -- Had a stream opened at least once
 
 	-- TODO: Rename session.secure to session.encrypted
-	if session.secure == false then
+	if session.secure == false then -- Set by mod_tls during STARTTLS handshake
+		session.starttls = "completed";
 		session_secure(session);
 	end
 
@@ -750,6 +751,7 @@ local function initialize_session(session)
 	local w = conn.write;
 
 	if conn:ssl() then
+		-- Direct TLS was used
 		session_secure(session);
 	end
author	Kim Alvefur <zash@zash.se>	2022-08-02 19:26:26 +0200
committer	Kim Alvefur <zash@zash.se>	2022-08-02 19:26:26 +0200
commit	a2f8218a63e2ebbe04d1a0fc2a235af59c34f515 (patch)
tree	2e0b4ed511ab01d1f2c10acf9f205a57665e3e3e /plugins/mod_s2s.lua
parent	79f4868b63ff6385bbc2290ba31361bcb7ce63b5 (diff)
download	prosody-a2f8218a63e2ebbe04d1a0fc2a235af59c34f515.tar.gz prosody-a2f8218a63e2ebbe04d1a0fc2a235af59c34f515.zip