diff options
author | Kim Alvefur <zash@zash.se> | 2019-03-11 13:07:59 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2019-03-11 13:07:59 +0100 |
commit | b246b00f85b1973058f8b607190a72168380dbc3 (patch) | |
tree | 2fa521bd74ad9ae45ba4ea4c6c5cafb6f4dcb709 /plugins/mod_tls.lua | |
parent | 5d2608e150b7a739c0b1658fd2e9031af9ad2991 (diff) | |
download | prosody-b246b00f85b1973058f8b607190a72168380dbc3.tar.gz prosody-b246b00f85b1973058f8b607190a72168380dbc3.zip |
mod_tls: Restore querying for certificates on s2s
The 'ssl_config' setting in the mod_s2s network service is not used.
Only direct TLS ports use this currently.
Diffstat (limited to 'plugins/mod_tls.lua')
-rw-r--r-- | plugins/mod_tls.lua | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 4ead60dc..d8bf02c4 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -53,13 +53,17 @@ function module.load() local parent_s2s = rawgetopt(parent, "s2s_ssl") or NULL; local host_s2s = rawgetopt(modhost, "s2s_ssl") or parent_s2s; + local request_client_certs = { verify = { "peer", "client_once", }; }; + ssl_ctx_c2s, err_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err_c2s); end - ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections + -- for outgoing server connections + ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, request_client_certs); if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end - ssl_ctx_s2sin, err_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections + -- for incoming server connections + ssl_ctx_s2sin, err_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s, request_client_certs); if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err_s2sin); end end |