diff options
| author | Matthew Wild <mwild1@gmail.com> | 2013-05-18 12:03:03 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2013-05-18 12:03:03 +0100 |
| commit | 651c67dc6b70b1e0fac99e1f864656d335974f69 (patch) | |
| tree | 9a2df10e453653ada7c2f4672eaf6fe1efa462d8 /plugins/mod_s2s/mod_s2s.lua | |
| parent | 73fe0d54714b34a0a202f1d1e9f2390ad9a54ad6 (diff) | |
| parent | bca009fef49f97bab1bc8e885195aaa6af98001a (diff) | |
| download | prosody-651c67dc6b70b1e0fac99e1f864656d335974f69.tar.gz prosody-651c67dc6b70b1e0fac99e1f864656d335974f69.zip | |
Merge 0.9->trunk
Diffstat (limited to 'plugins/mod_s2s/mod_s2s.lua')
| -rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 30ebb706..5a2af968 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -37,7 +37,7 @@ local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:ge local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day... local secure_domains, insecure_domains = module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; -local require_encryption = module:get_option_boolean("s2s_require_encryption", secure_auth); +local require_encryption = module:get_option_boolean("s2s_require_encryption", false); local sessions = module:shared("sessions"); @@ -185,7 +185,7 @@ end function make_authenticated(event) local session, host = event.session, event.host; if not session.secure then - if require_encryption or secure_auth or secure_domains[host] then + if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then session:close({ condition = "policy-violation", text = "Encrypted server-to-server communication is required but was not " |