mod_tls: Don't advertise TLS after authentication.

author: Waqas Hussain <waqas20@gmail.com> 2010-02-10 01:36:22 +0500
committer: Waqas Hussain <waqas20@gmail.com> 2010-02-10 01:36:22 +0500
commit: 6d21bd8cf4706fdb0bbf67b3704756c69ae99e32 (patch)
tree: f841ca6ad37905e405a8a29f1fec2c28333822f6 /plugins/mod_tls.lua
parent: 958fddede9f8c86ecd38fad8ea80baf428874f34 (diff)
download: prosody-6d21bd8cf4706fdb0bbf67b3704756c69ae99e32.tar.gz
prosody-6d21bd8cf4706fdb0bbf67b3704756c69ae99e32.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 73b5ae09..7153e48a 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -50,7 +50,7 @@ module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
 local starttls_attr = { xmlns = xmlns_starttls };
 module:add_event_hook("stream-features", 
 		function (session, features)
-			if session.conn.starttls then
+			if not session.username and session.conn.starttls then
 				features:tag("starttls", starttls_attr);
 				if secure_auth_only then
 					features:tag("required"):up():up();
@@ -63,7 +63,7 @@ module:add_event_hook("stream-features",
 module:hook("s2s-stream-features", 
 		function (data)
 			local session, features = data.session, data.features;
-			if session.to_host and session.conn.starttls then
+			if session.to_host and session.type ~= "s2sin" and session.conn.starttls then
 				features:tag("starttls", starttls_attr):up();
 				if secure_s2s_only then
 					features:tag("required"):up():up();
author	Waqas Hussain <waqas20@gmail.com>	2010-02-10 01:36:22 +0500
committer	Waqas Hussain <waqas20@gmail.com>	2010-02-10 01:36:22 +0500
commit	6d21bd8cf4706fdb0bbf67b3704756c69ae99e32 (patch)
tree	f841ca6ad37905e405a8a29f1fec2c28333822f6 /plugins/mod_tls.lua
parent	958fddede9f8c86ecd38fad8ea80baf428874f34 (diff)
download	prosody-6d21bd8cf4706fdb0bbf67b3704756c69ae99e32.tar.gz prosody-6d21bd8cf4706fdb0bbf67b3704756c69ae99e32.zip