author Jonas Schäfer <jonas@wielicki.name> 2021-09-17 21:18:30 +0200
committer Jonas Schäfer <jonas@wielicki.name> 2021-09-17 21:18:30 +0200
commit 85abab1dfd0e1f919db3130bfd08226184099ac8 (patch)
tree 434b910a2cfb1fe6c25aeed223fdaa579c9b9b46 /plugins
parent 9f7c3b9ba6c2fde4431cd6f3a12072518b478d69 (diff)
mod_tls: Do not offer TLS if the connection is considered secure
This may be necessary if the session.conn object is not exchanged by the network backend when establishing TLS. In that case, the starttls method will always exist and thus that is not a good indicator for offering TLS. However, the secure bit already tells us that TLS has been established or is not to be established on the connection, so we use that instead.
Diffstat (limited to 'plugins')
-rw-r--r-- plugins/mod_tls.lua 3
1 files changed, 3 insertions, 0 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index afc1653a..76964082 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -80,6 +80,9 @@ end
module:hook_global("config-reloaded", module.load);
local function can_do_tls(session)
+ if session.secure then
+ return false;
+ end
if session.conn and not session.conn.starttls then
if not session.secure then
session.log("debug", "Underlying connection does not support STARTTLS");
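Review bot: in can_do_tls, the new early return on `session.secure` makes the inner `if not session.secure then` guard around the "Underlying connection does not support STARTTLS" debug log always true, so that guard can be dropped and the log call made unconditional within the `not session.conn.starttls` branch. The added check would also benefit from a one-line comment stating that `session.conn.starttls` can still exist after TLS is established when the network backend does not exchange the conn object, since that reasoning currently lives only in the commit message and the ordering of the two checks is what prevents STARTTLS from being offered on an already secure session.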