diff options
| -rw-r--r-- | plugins/mod_c2s.lua | 7 | ||||
| -rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 9 | ||||
| -rwxr-xr-x | prosodyctl | 37 |
3 files changed, 50 insertions, 3 deletions
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 1423eaa3..3d9f9f88 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -83,7 +83,12 @@ function stream_callbacks.streamopened(session, attr) local features = st.stanza("stream:features"); hosts[session.host].events.fire_event("stream-features", { origin = session, features = features }); - send(features); + if features.tags[1] or session.full_jid then + send(features); + else + (session.log or log)("warn", "No features to offer"); + session:close{ condition = "undefined-condition", text = "No features to proceed with" }; + end end function stream_callbacks.streamclosed(session) diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 68042a5d..ff8ef45d 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -354,8 +354,13 @@ function stream_callbacks.streamopened(session, attr) (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host"); end - log("debug", "Sending stream features: %s", tostring(features)); - session.sends2s(features); + if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then + log("debug", "Sending stream features: %s", tostring(features)); + session.sends2s(features); + else + (session.log or log)("warn", "No features to offer, giving up"); + session:close({ condition = "undefined-condition", text = "No features to offer" }); + end end elseif session.direction == "outgoing" then session.notopen = nil; @@ -913,6 +913,43 @@ function commands.check(arg) print(" For more information see: http://prosody.im/doc/dns"); end end + local all_options = set.new(); + for host in enabled_hosts() do + all_options:include(set.new(it.to_array(it.keys(config[host])))); + end + local ssl = nil, dependencies.softreq"ssl"; + if not ssl then + if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then + print(""); + print(" You require encryption but LuaSec is not available."); + print(" Connections will fail."); + ok = false; + end + elseif not ssl.loadcertificate then + if all_options:contains("s2s_secure_auth") then + print(""); + print(" You have set s2s_secure_auth but your version of LuaSec does "); + print(" not support certificate validation, so all s2s connections will"); + print(" fail."); + ok = false; + elseif all_options:contains("s2s_secure_domains") then + local secure_domains = set.new(); + for host in enabled_hosts() do + if config[host].s2s_secure_auth == true then + secure_domains:add("*"); + else + secure_domains:include(set.new(config[host].s2s_secure_domains)); + end + end + if not secure_domains:empty() then + print(""); + print(" You have set s2s_secure_domains but your version of LuaSec does "); + print(" not support certificate validation, so s2s connections to/from "); + print(" these domains will fail."); + ok = false; + end + end + end print("Done.\n"); end |