-rw-r--r--CHANGES2
-rw-r--r--plugins/mod_s2s.lua11
2 files changed, 10 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index 3e7907f0..b3f0bdb6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -27,7 +27,7 @@ TRUNK
- SNI support (including automatic certificate selection)
- ALPN support in mod_net_multiplex
- DANE support in low-level network layer
-- Direct TLS support (c2s and incoming s2s)
+- Direct TLS support (c2s and s2s)
- SCRAM-SHA-256
- Direct TLS (including https) certificates updated on reload
- Pluggable authorization providers (mod_authz_)
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index 7b915194..66b4c56b 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -29,6 +29,7 @@ local uuid_gen = require "util.uuid".generate;
local runner = require "util.async".runner;
local connect = require "net.connect".connect;
local service = require "net.resolvers.service";
+local resolver_chain = require "net.resolvers.chain";
local errors = require "util.error";
local set = require "util.set";
@@ -217,8 +218,14 @@ function route_to_new_session(event)
log("debug", "stanza [%s] queued until connection complete", stanza.name);
-- FIXME Cleaner solution to passing extra data from resolvers to net.server
-- This mt-clone allows resolvers to add extra data, currently used for DANE TLSA records
- local extra = setmetatable({}, s2s_service_options_mt);
- connect(service.new(to_host, "xmpp-server", "tcp", extra), listener, nil, { session = host_session });
+ local xmpp_extra = setmetatable({}, s2s_service_options_mt);
+ local sslctx = require"core.certmanager".create_context(from_host, "client"); -- TODO this should live in mod_tls ?
+ local xmpps_extra = setmetatable({ default_port = false; servername = to_host; sslctx = sslctx }, s2s_service_options_mt);
+ local direct_and_normal = resolver_chain.new({
+ service.new(to_host, "xmpps-server", "tcp", xmpps_extra);
+ service.new(to_host, "xmpp-server", "tcp", xmpp_extra);
+ });
+ connect(direct_and_normal, listener, nil, { session = host_session });
m_initiated_connections:with_labels(from_host):add(1)
return true;
end
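Review bot: The result of `create_context(from_host, "client")` is stored in `xmpps_extra.sslctx` without a check, so if context creation fails and returns nil (presumably with an error as a second value; confirm against core.certmanager), the `xmpps-server` resolver is still placed first in the chain with no TLS context attached. How net.connect treats a Direct TLS target that lacks an `sslctx` is not visible in this hunk, so the failure mode could be anything from an error to an unencrypted connection to the Direct TLS port. I would capture the error with `local sslctx, ctx_err = require"core.certmanager".create_context(from_host, "client");` and, when `sslctx` is nil, log it with `log("warn", "No TLS context for %s, skipping Direct TLS: %s", from_host, ctx_err);` and build the chain from the `xmpp-server` resolver alone. route_to_new_session begins above this hunk, so any earlier validation of `from_host` is not visible here.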