aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2019-03-11 13:07:59 +0100
committerKim Alvefur <zash@zash.se>2019-03-11 13:07:59 +0100
commit4b022060a27216380565302aa0fc3ca805a532eb (patch)
tree2fa521bd74ad9ae45ba4ea4c6c5cafb6f4dcb709 /plugins
parent2bc176f1d072da9404436a40581745033d1e41b6 (diff)
downloadprosody-4b022060a27216380565302aa0fc3ca805a532eb.tar.gz
prosody-4b022060a27216380565302aa0fc3ca805a532eb.zip
mod_tls: Restore querying for certificates on s2s
The 'ssl_config' setting in the mod_s2s network service is not used. Only direct TLS ports use this currently.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_s2s/mod_s2s.lua2
-rw-r--r--plugins/mod_tls.lua8
2 files changed, 7 insertions, 3 deletions
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index b0d551fe..f0fdc5fb 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -738,7 +738,7 @@ module:provides("net", {
listener = listener;
default_port = 5269;
encryption = "starttls";
- ssl_config = {
+ ssl_config = { -- FIXME This is not used atm, see mod_tls
verify = { "peer", "client_once", };
};
multiplex = {
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 4ead60dc..d8bf02c4 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -53,13 +53,17 @@ function module.load()
local parent_s2s = rawgetopt(parent, "s2s_ssl") or NULL;
local host_s2s = rawgetopt(modhost, "s2s_ssl") or parent_s2s;
+ local request_client_certs = { verify = { "peer", "client_once", }; };
+
ssl_ctx_c2s, err_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err_c2s); end
- ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
+ -- for outgoing server connections
+ ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, request_client_certs);
if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end
- ssl_ctx_s2sin, err_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
+ -- for incoming server connections
+ ssl_ctx_s2sin, err_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s, request_client_certs);
if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err_s2sin); end
end