diff options
| author | Jonas Schäfer <jonas@wielicki.name> | 2022-04-27 17:44:14 +0200 |
|---|---|---|
| committer | Jonas Schäfer <jonas@wielicki.name> | 2022-04-27 17:44:14 +0200 |
| commit | 38346dd6f1dcd963e17722bf175445465d7683f4 (patch) | |
| tree | d8585ca60e8995f5967a7467916496937050a9db /plugins/mod_saslauth.lua | |
| parent | 07ee0f44708425c9cfb9381b9030692550a8cf32 (diff) | |
| download | prosody-38346dd6f1dcd963e17722bf175445465d7683f4.tar.gz prosody-38346dd6f1dcd963e17722bf175445465d7683f4.zip | |
net: isolate LuaSec-specifics
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
Diffstat (limited to 'plugins/mod_saslauth.lua')
| -rw-r--r-- | plugins/mod_saslauth.lua | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index ab863aa3..649f9ba6 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -242,7 +242,7 @@ module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:abort", function(event) end); local function tls_unique(self) - return self.userdata["tls-unique"]:getpeerfinished(); + return self.userdata["tls-unique"]:ssl_peerfinished(); end local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; @@ -262,18 +262,17 @@ module:hook("stream-features", function(event) -- check whether LuaSec has the nifty binding to the function needed for tls-unique -- FIXME: would be nice to have this check only once and not for every socket if sasl_handler.add_cb_handler then - local socket = origin.conn:socket(); - local info = socket.info and socket:info(); - if info.protocol == "TLSv1.3" then + local info = origin.conn:ssl_info(); + if info and info.protocol == "TLSv1.3" then log("debug", "Channel binding 'tls-unique' undefined in context of TLS 1.3"); - elseif socket.getpeerfinished and socket:getpeerfinished() then + elseif origin.conn.ssl_peerfinished and origin.conn:ssl_peerfinished() then log("debug", "Channel binding 'tls-unique' supported"); sasl_handler:add_cb_handler("tls-unique", tls_unique); else log("debug", "Channel binding 'tls-unique' not supported (by LuaSec?)"); end sasl_handler["userdata"] = { - ["tls-unique"] = socket; + ["tls-unique"] = origin.conn; }; else log("debug", "Channel binding not supported by SASL handler"); |