diff options
author | Matthew Wild <mwild1@gmail.com> | 2014-01-18 18:46:31 +0000 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2014-01-18 18:46:31 +0000 |
commit | ed8030da5147e3ef3fdf13327e69a3a3f31e7dac (patch) | |
tree | efa0d4a591840269956109110cd373cf82de3ef8 /plugins/mod_tls.lua | |
parent | a651d9102302e73f181bc3a81ecdae8f9e21b649 (diff) | |
parent | 996847e180ee7dfcbc81e920527dfc7d62115cb9 (diff) | |
download | prosody-ed8030da5147e3ef3fdf13327e69a3a3f31e7dac.tar.gz prosody-ed8030da5147e3ef3fdf13327e69a3a3f31e7dac.zip |
Merge 0.10->trunk
Diffstat (limited to 'plugins/mod_tls.lua')
-rw-r--r-- | plugins/mod_tls.lua | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index bab2202e..7c3d79be 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -10,9 +10,15 @@ local config = require "core.configmanager"; local create_context = require "core.certmanager".create_context; local st = require "util.stanza"; -local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); -local secure_s2s_only = module:get_option("s2s_require_encryption"); +local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); +local s2s_require_encryption = module:get_option("s2s_require_encryption"); local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; +local s2s_secure_auth = module:get_option("s2s_secure_auth"); + +if s2s_secure_auth and s2s_require_encryption == false then + module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false"); + s2s_require_encryption = true; +end local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; local starttls_attr = { xmlns = xmlns_starttls }; @@ -20,8 +26,8 @@ local starttls_proceed = st.stanza("proceed", starttls_attr); local starttls_failure = st.stanza("failure", starttls_attr); local c2s_feature = st.stanza("starttls", starttls_attr); local s2s_feature = st.stanza("starttls", starttls_attr); -if secure_auth_only then c2s_feature:tag("required"):up(); end -if secure_s2s_only then s2s_feature:tag("required"):up(); end +if c2s_require_encryption then c2s_feature:tag("required"):up(); end +if s2s_require_encryption then s2s_feature:tag("required"):up(); end local hosts = prosody.hosts; local host = hosts[module.host]; |